[TASK] Replace TYPO3_OS constant with Environment check
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / GeneralUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use GuzzleHttp\Exception\RequestException;
18 use Psr\Log\LoggerAwareInterface;
19 use Psr\Log\LoggerInterface;
20 use TYPO3\CMS\Core\Core\ApplicationContext;
21 use TYPO3\CMS\Core\Core\ClassLoadingInformation;
22 use TYPO3\CMS\Core\Core\Environment;
23 use TYPO3\CMS\Core\Http\RequestFactory;
24 use TYPO3\CMS\Core\Log\LogLevel;
25 use TYPO3\CMS\Core\Log\LogManager;
26 use TYPO3\CMS\Core\Service\OpcodeCacheService;
27 use TYPO3\CMS\Core\SingletonInterface;
28 use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
29
30 /**
31 * The legendary "t3lib_div" class - Miscellaneous functions for general purpose.
32 * Most of the functions do not relate specifically to TYPO3
33 * However a section of functions requires certain TYPO3 features available
34 * See comments in the source.
35 * You are encouraged to use this library in your own scripts!
36 *
37 * USE:
38 * The class is intended to be used without creating an instance of it.
39 * So: Don't instantiate - call functions with "\TYPO3\CMS\Core\Utility\GeneralUtility::" prefixed the function name.
40 * So use \TYPO3\CMS\Core\Utility\GeneralUtility::[method-name] to refer to the functions, eg. '\TYPO3\CMS\Core\Utility\GeneralUtility::milliseconds()'
41 */
42 class GeneralUtility
43 {
44 // Severity constants used by \TYPO3\CMS\Core\Utility\GeneralUtility::devLog()
45 // @deprecated since TYPO3 CMS 9, will be removed in TYPO3 CMS 10.
46 const SYSLOG_SEVERITY_INFO = 0;
47 const SYSLOG_SEVERITY_NOTICE = 1;
48 const SYSLOG_SEVERITY_WARNING = 2;
49 const SYSLOG_SEVERITY_ERROR = 3;
50 const SYSLOG_SEVERITY_FATAL = 4;
51
52 const ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*';
53 const ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME';
54
55 /**
56 * State of host header value security check
57 * in order to avoid unnecessary multiple checks during one request
58 *
59 * @var bool
60 */
61 protected static $allowHostHeaderValue = false;
62
63 /**
64 * Singleton instances returned by makeInstance, using the class names as
65 * array keys
66 *
67 * @var array<\TYPO3\CMS\Core\SingletonInterface>
68 */
69 protected static $singletonInstances = [];
70
71 /**
72 * Instances returned by makeInstance, using the class names as array keys
73 *
74 * @var array<array><object>
75 */
76 protected static $nonSingletonInstances = [];
77
78 /**
79 * Cache for makeInstance with given class name and final class names to reduce number of self::getClassName() calls
80 *
81 * @var array Given class name => final class name
82 */
83 protected static $finalClassNameCache = [];
84
85 /**
86 * The application context
87 *
88 * @var \TYPO3\CMS\Core\Core\ApplicationContext
89 */
90 protected static $applicationContext = null;
91
92 /**
93 * IDNA string cache
94 *
95 * @var array<string>
96 */
97 protected static $idnaStringCache = [];
98
99 /**
100 * IDNA converter
101 *
102 * @var \Mso\IdnaConvert\IdnaConvert
103 */
104 protected static $idnaConverter = null;
105
106 /**
107 * A list of supported CGI server APIs
108 * NOTICE: This is a duplicate of the SAME array in SystemEnvironmentBuilder
109 * @var array
110 */
111 protected static $supportedCgiServerApis = [
112 'fpm-fcgi',
113 'cgi',
114 'isapi',
115 'cgi-fcgi',
116 'srv', // HHVM with fastcgi
117 ];
118
119 /**
120 * @var array
121 */
122 protected static $indpEnvCache = [];
123
124 /*************************
125 *
126 * GET/POST Variables
127 *
128 * Background:
129 * Input GET/POST variables in PHP may have their quotes escaped with "\" or not depending on configuration.
130 * TYPO3 has always converted quotes to BE escaped if the configuration told that they would not be so.
131 * But the clean solution is that quotes are never escaped and that is what the functions below offers.
132 * Eventually TYPO3 should provide this in the global space as well.
133 * In the transitional phase (or forever..?) we need to encourage EVERY to read and write GET/POST vars through the API functions below.
134 * This functionality was previously needed to normalize between magic quotes logic, which was removed from PHP 5.4,
135 * so these methods are still in use, but not tackle the slash problem anymore.
136 *
137 *************************/
138 /**
139 * Returns the 'GLOBAL' value of incoming data from POST or GET, with priority to POST (that is equalent to 'GP' order)
140 * To enhance security in your scripts, please consider using GeneralUtility::_GET or GeneralUtility::_POST if you already
141 * know by which method your data is arriving to the scripts!
142 *
143 * @param string $var GET/POST var to return
144 * @return mixed POST var named $var and if not set, the GET var of the same name.
145 */
146 public static function _GP($var)
147 {
148 if (empty($var)) {
149 return;
150 }
151 if (isset($_POST[$var])) {
152 $value = $_POST[$var];
153 } elseif (isset($_GET[$var])) {
154 $value = $_GET[$var];
155 } else {
156 $value = null;
157 }
158 // This is there for backwards-compatibility, in order to avoid NULL
159 if (isset($value) && !is_array($value)) {
160 $value = (string)$value;
161 }
162 return $value;
163 }
164
165 /**
166 * Returns the global arrays $_GET and $_POST merged with $_POST taking precedence.
167 *
168 * @param string $parameter Key (variable name) from GET or POST vars
169 * @return array Returns the GET vars merged recursively onto the POST vars.
170 */
171 public static function _GPmerged($parameter)
172 {
173 $postParameter = isset($_POST[$parameter]) && is_array($_POST[$parameter]) ? $_POST[$parameter] : [];
174 $getParameter = isset($_GET[$parameter]) && is_array($_GET[$parameter]) ? $_GET[$parameter] : [];
175 $mergedParameters = $getParameter;
176 ArrayUtility::mergeRecursiveWithOverrule($mergedParameters, $postParameter);
177 return $mergedParameters;
178 }
179
180 /**
181 * Returns the global $_GET array (or value from) normalized to contain un-escaped values.
182 * ALWAYS use this API function to acquire the GET variables!
183 * This function was previously used to normalize between magic quotes logic, which was removed from PHP 5.5
184 *
185 * @param string $var Optional pointer to value in GET array (basically name of GET var)
186 * @return mixed If $var is set it returns the value of $_GET[$var]. If $var is NULL (default), returns $_GET itself. In any case *slashes are stipped from the output!*
187 * @see _POST(), _GP(), _GETset()
188 */
189 public static function _GET($var = null)
190 {
191 $value = $var === null ? $_GET : (empty($var) ? null : $_GET[$var]);
192 // This is there for backwards-compatibility, in order to avoid NULL
193 if (isset($value) && !is_array($value)) {
194 $value = (string)$value;
195 }
196 return $value;
197 }
198
199 /**
200 * Returns the global $_POST array (or value from) normalized to contain un-escaped values.
201 * ALWAYS use this API function to acquire the $_POST variables!
202 *
203 * @param string $var Optional pointer to value in POST array (basically name of POST var)
204 * @return mixed If $var is set it returns the value of $_POST[$var]. If $var is NULL (default), returns $_POST itself. In any case *slashes are stipped from the output!*
205 * @see _GET(), _GP()
206 */
207 public static function _POST($var = null)
208 {
209 $value = $var === null ? $_POST : (empty($var) || !isset($_POST[$var]) ? null : $_POST[$var]);
210 // This is there for backwards-compatibility, in order to avoid NULL
211 if (isset($value) && !is_array($value)) {
212 $value = (string)$value;
213 }
214 return $value;
215 }
216
217 /**
218 * Writes input value to $_GET.
219 *
220 * @param mixed $inputGet
221 * @param string $key
222 */
223 public static function _GETset($inputGet, $key = '')
224 {
225 if ($key != '') {
226 if (strpos($key, '|') !== false) {
227 $pieces = explode('|', $key);
228 $newGet = [];
229 $pointer = &$newGet;
230 foreach ($pieces as $piece) {
231 $pointer = &$pointer[$piece];
232 }
233 $pointer = $inputGet;
234 $mergedGet = $_GET;
235 ArrayUtility::mergeRecursiveWithOverrule($mergedGet, $newGet);
236 $_GET = $mergedGet;
237 $GLOBALS['HTTP_GET_VARS'] = $mergedGet;
238 } else {
239 $_GET[$key] = $inputGet;
240 $GLOBALS['HTTP_GET_VARS'][$key] = $inputGet;
241 }
242 } elseif (is_array($inputGet)) {
243 $_GET = $inputGet;
244 $GLOBALS['HTTP_GET_VARS'] = $inputGet;
245 }
246 }
247
248 /*************************
249 *
250 * STRING FUNCTIONS
251 *
252 *************************/
253 /**
254 * Truncates a string with appended/prepended "..." and takes current character set into consideration.
255 *
256 * @param string $string String to truncate
257 * @param int $chars Must be an integer with an absolute value of at least 4. if negative the string is cropped from the right end.
258 * @param string $appendString Appendix to the truncated string
259 * @return string Cropped string
260 */
261 public static function fixed_lgd_cs($string, $chars, $appendString = '...')
262 {
263 if ((int)$chars === 0 || mb_strlen($string, 'utf-8') <= abs($chars)) {
264 return $string;
265 }
266 if ($chars > 0) {
267 $string = mb_substr($string, 0, $chars, 'utf-8') . $appendString;
268 } else {
269 $string = $appendString . mb_substr($string, $chars, mb_strlen($string, 'utf-8'), 'utf-8');
270 }
271 return $string;
272 }
273
274 /**
275 * Match IP number with list of numbers with wildcard
276 * Dispatcher method for switching into specialised IPv4 and IPv6 methods.
277 *
278 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
279 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately. An empty list always returns FALSE.
280 * @return bool TRUE if an IP-mask from $list matches $baseIP
281 */
282 public static function cmpIP($baseIP, $list)
283 {
284 $list = trim($list);
285 if ($list === '') {
286 return false;
287 }
288 if ($list === '*') {
289 return true;
290 }
291 if (strpos($baseIP, ':') !== false && self::validIPv6($baseIP)) {
292 return self::cmpIPv6($baseIP, $list);
293 }
294 return self::cmpIPv4($baseIP, $list);
295 }
296
297 /**
298 * Match IPv4 number with list of numbers with wildcard
299 *
300 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
301 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168), could also contain IPv6 addresses
302 * @return bool TRUE if an IP-mask from $list matches $baseIP
303 */
304 public static function cmpIPv4($baseIP, $list)
305 {
306 $IPpartsReq = explode('.', $baseIP);
307 if (count($IPpartsReq) === 4) {
308 $values = self::trimExplode(',', $list, true);
309 foreach ($values as $test) {
310 $testList = explode('/', $test);
311 if (count($testList) === 2) {
312 list($test, $mask) = $testList;
313 } else {
314 $mask = false;
315 }
316 if ((int)$mask) {
317 // "192.168.3.0/24"
318 $lnet = ip2long($test);
319 $lip = ip2long($baseIP);
320 $binnet = str_pad(decbin($lnet), 32, '0', STR_PAD_LEFT);
321 $firstpart = substr($binnet, 0, $mask);
322 $binip = str_pad(decbin($lip), 32, '0', STR_PAD_LEFT);
323 $firstip = substr($binip, 0, $mask);
324 $yes = $firstpart === $firstip;
325 } else {
326 // "192.168.*.*"
327 $IPparts = explode('.', $test);
328 $yes = 1;
329 foreach ($IPparts as $index => $val) {
330 $val = trim($val);
331 if ($val !== '*' && $IPpartsReq[$index] !== $val) {
332 $yes = 0;
333 }
334 }
335 }
336 if ($yes) {
337 return true;
338 }
339 }
340 }
341 return false;
342 }
343
344 /**
345 * Match IPv6 address with a list of IPv6 prefixes
346 *
347 * @param string $baseIP Is the current remote IP address for instance
348 * @param string $list Is a comma-list of IPv6 prefixes, could also contain IPv4 addresses
349 * @return bool TRUE If an baseIP matches any prefix
350 */
351 public static function cmpIPv6($baseIP, $list)
352 {
353 // Policy default: Deny connection
354 $success = false;
355 $baseIP = self::normalizeIPv6($baseIP);
356 $values = self::trimExplode(',', $list, true);
357 foreach ($values as $test) {
358 $testList = explode('/', $test);
359 if (count($testList) === 2) {
360 list($test, $mask) = $testList;
361 } else {
362 $mask = false;
363 }
364 if (self::validIPv6($test)) {
365 $test = self::normalizeIPv6($test);
366 $maskInt = (int)$mask ?: 128;
367 // Special case; /0 is an allowed mask - equals a wildcard
368 if ($mask === '0') {
369 $success = true;
370 } elseif ($maskInt == 128) {
371 $success = $test === $baseIP;
372 } else {
373 $testBin = self::IPv6Hex2Bin($test);
374 $baseIPBin = self::IPv6Hex2Bin($baseIP);
375 $success = true;
376 // Modulo is 0 if this is a 8-bit-boundary
377 $maskIntModulo = $maskInt % 8;
378 $numFullCharactersUntilBoundary = (int)($maskInt / 8);
379 if (substr($testBin, 0, $numFullCharactersUntilBoundary) !== substr($baseIPBin, 0, $numFullCharactersUntilBoundary)) {
380 $success = false;
381 } elseif ($maskIntModulo > 0) {
382 // If not an 8-bit-boundary, check bits of last character
383 $testLastBits = str_pad(decbin(ord(substr($testBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
384 $baseIPLastBits = str_pad(decbin(ord(substr($baseIPBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
385 if (strncmp($testLastBits, $baseIPLastBits, $maskIntModulo) != 0) {
386 $success = false;
387 }
388 }
389 }
390 }
391 if ($success) {
392 return true;
393 }
394 }
395 return false;
396 }
397
398 /**
399 * Transform a regular IPv6 address from hex-representation into binary
400 *
401 * @param string $hex IPv6 address in hex-presentation
402 * @return string Binary representation (16 characters, 128 characters)
403 * @see IPv6Bin2Hex()
404 */
405 public static function IPv6Hex2Bin($hex)
406 {
407 return inet_pton($hex);
408 }
409
410 /**
411 * Transform an IPv6 address from binary to hex-representation
412 *
413 * @param string $bin IPv6 address in hex-presentation
414 * @return string Binary representation (16 characters, 128 characters)
415 * @see IPv6Hex2Bin()
416 */
417 public static function IPv6Bin2Hex($bin)
418 {
419 return inet_ntop($bin);
420 }
421
422 /**
423 * Normalize an IPv6 address to full length
424 *
425 * @param string $address Given IPv6 address
426 * @return string Normalized address
427 * @see compressIPv6()
428 */
429 public static function normalizeIPv6($address)
430 {
431 $normalizedAddress = '';
432 $stageOneAddress = '';
433 // According to RFC lowercase-representation is recommended
434 $address = strtolower($address);
435 // Normalized representation has 39 characters (0000:0000:0000:0000:0000:0000:0000:0000)
436 if (strlen($address) === 39) {
437 // Already in full expanded form
438 return $address;
439 }
440 // Count 2 if if address has hidden zero blocks
441 $chunks = explode('::', $address);
442 if (count($chunks) === 2) {
443 $chunksLeft = explode(':', $chunks[0]);
444 $chunksRight = explode(':', $chunks[1]);
445 $left = count($chunksLeft);
446 $right = count($chunksRight);
447 // Special case: leading zero-only blocks count to 1, should be 0
448 if ($left === 1 && strlen($chunksLeft[0]) === 0) {
449 $left = 0;
450 }
451 $hiddenBlocks = 8 - ($left + $right);
452 $hiddenPart = '';
453 $h = 0;
454 while ($h < $hiddenBlocks) {
455 $hiddenPart .= '0000:';
456 $h++;
457 }
458 if ($left === 0) {
459 $stageOneAddress = $hiddenPart . $chunks[1];
460 } else {
461 $stageOneAddress = $chunks[0] . ':' . $hiddenPart . $chunks[1];
462 }
463 } else {
464 $stageOneAddress = $address;
465 }
466 // Normalize the blocks:
467 $blocks = explode(':', $stageOneAddress);
468 $divCounter = 0;
469 foreach ($blocks as $block) {
470 $tmpBlock = '';
471 $i = 0;
472 $hiddenZeros = 4 - strlen($block);
473 while ($i < $hiddenZeros) {
474 $tmpBlock .= '0';
475 $i++;
476 }
477 $normalizedAddress .= $tmpBlock . $block;
478 if ($divCounter < 7) {
479 $normalizedAddress .= ':';
480 $divCounter++;
481 }
482 }
483 return $normalizedAddress;
484 }
485
486 /**
487 * Compress an IPv6 address to the shortest notation
488 *
489 * @param string $address Given IPv6 address
490 * @return string Compressed address
491 * @see normalizeIPv6()
492 */
493 public static function compressIPv6($address)
494 {
495 return inet_ntop(inet_pton($address));
496 }
497
498 /**
499 * Validate a given IP address.
500 *
501 * Possible format are IPv4 and IPv6.
502 *
503 * @param string $ip IP address to be tested
504 * @return bool TRUE if $ip is either of IPv4 or IPv6 format.
505 */
506 public static function validIP($ip)
507 {
508 return filter_var($ip, FILTER_VALIDATE_IP) !== false;
509 }
510
511 /**
512 * Validate a given IP address to the IPv4 address format.
513 *
514 * Example for possible format: 10.0.45.99
515 *
516 * @param string $ip IP address to be tested
517 * @return bool TRUE if $ip is of IPv4 format.
518 */
519 public static function validIPv4($ip)
520 {
521 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
522 }
523
524 /**
525 * Validate a given IP address to the IPv6 address format.
526 *
527 * Example for possible format: 43FB::BB3F:A0A0:0 | ::1
528 *
529 * @param string $ip IP address to be tested
530 * @return bool TRUE if $ip is of IPv6 format.
531 */
532 public static function validIPv6($ip)
533 {
534 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
535 }
536
537 /**
538 * Match fully qualified domain name with list of strings with wildcard
539 *
540 * @param string $baseHost A hostname or an IPv4/IPv6-address (will by reverse-resolved; typically REMOTE_ADDR)
541 * @param string $list A comma-list of domain names to match with. *-wildcard allowed but cannot be part of a string, so it must match the full host name (eg. myhost.*.com => correct, myhost.*domain.com => wrong)
542 * @return bool TRUE if a domain name mask from $list matches $baseIP
543 */
544 public static function cmpFQDN($baseHost, $list)
545 {
546 $baseHost = trim($baseHost);
547 if (empty($baseHost)) {
548 return false;
549 }
550 if (self::validIPv4($baseHost) || self::validIPv6($baseHost)) {
551 // Resolve hostname
552 // Note: this is reverse-lookup and can be randomly set as soon as somebody is able to set
553 // the reverse-DNS for his IP (security when for example used with REMOTE_ADDR)
554 $baseHostName = gethostbyaddr($baseHost);
555 if ($baseHostName === $baseHost) {
556 // Unable to resolve hostname
557 return false;
558 }
559 } else {
560 $baseHostName = $baseHost;
561 }
562 $baseHostNameParts = explode('.', $baseHostName);
563 $values = self::trimExplode(',', $list, true);
564 foreach ($values as $test) {
565 $hostNameParts = explode('.', $test);
566 // To match hostNameParts can only be shorter (in case of wildcards) or equal
567 $hostNamePartsCount = count($hostNameParts);
568 $baseHostNamePartsCount = count($baseHostNameParts);
569 if ($hostNamePartsCount > $baseHostNamePartsCount) {
570 continue;
571 }
572 $yes = true;
573 foreach ($hostNameParts as $index => $val) {
574 $val = trim($val);
575 if ($val === '*') {
576 // Wildcard valid for one or more hostname-parts
577 $wildcardStart = $index + 1;
578 // Wildcard as last/only part always matches, otherwise perform recursive checks
579 if ($wildcardStart < $hostNamePartsCount) {
580 $wildcardMatched = false;
581 $tempHostName = implode('.', array_slice($hostNameParts, $index + 1));
582 while ($wildcardStart < $baseHostNamePartsCount && !$wildcardMatched) {
583 $tempBaseHostName = implode('.', array_slice($baseHostNameParts, $wildcardStart));
584 $wildcardMatched = self::cmpFQDN($tempBaseHostName, $tempHostName);
585 $wildcardStart++;
586 }
587 if ($wildcardMatched) {
588 // Match found by recursive compare
589 return true;
590 }
591 $yes = false;
592 }
593 } elseif ($baseHostNameParts[$index] !== $val) {
594 // In case of no match
595 $yes = false;
596 }
597 }
598 if ($yes) {
599 return true;
600 }
601 }
602 return false;
603 }
604
605 /**
606 * Checks if a given URL matches the host that currently handles this HTTP request.
607 * Scheme, hostname and (optional) port of the given URL are compared.
608 *
609 * @param string $url URL to compare with the TYPO3 request host
610 * @return bool Whether the URL matches the TYPO3 request host
611 */
612 public static function isOnCurrentHost($url)
613 {
614 return stripos($url . '/', self::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0;
615 }
616
617 /**
618 * Check for item in list
619 * Check if an item exists in a comma-separated list of items.
620 *
621 * @param string $list Comma-separated list of items (string)
622 * @param string $item Item to check for
623 * @return bool TRUE if $item is in $list
624 */
625 public static function inList($list, $item)
626 {
627 return strpos(',' . $list . ',', ',' . $item . ',') !== false;
628 }
629
630 /**
631 * Removes an item from a comma-separated list of items.
632 *
633 * If $element contains a comma, the behaviour of this method is undefined.
634 * Empty elements in the list are preserved.
635 *
636 * @param string $element Element to remove
637 * @param string $list Comma-separated list of items (string)
638 * @return string New comma-separated list of items
639 */
640 public static function rmFromList($element, $list)
641 {
642 $items = explode(',', $list);
643 foreach ($items as $k => $v) {
644 if ($v == $element) {
645 unset($items[$k]);
646 }
647 }
648 return implode(',', $items);
649 }
650
651 /**
652 * Expand a comma-separated list of integers with ranges (eg 1,3-5,7 becomes 1,3,4,5,7).
653 * Ranges are limited to 1000 values per range.
654 *
655 * @param string $list Comma-separated list of integers with ranges (string)
656 * @return string New comma-separated list of items
657 */
658 public static function expandList($list)
659 {
660 $items = explode(',', $list);
661 $list = [];
662 foreach ($items as $item) {
663 $range = explode('-', $item);
664 if (isset($range[1])) {
665 $runAwayBrake = 1000;
666 for ($n = $range[0]; $n <= $range[1]; $n++) {
667 $list[] = $n;
668 $runAwayBrake--;
669 if ($runAwayBrake <= 0) {
670 break;
671 }
672 }
673 } else {
674 $list[] = $item;
675 }
676 }
677 return implode(',', $list);
678 }
679
680 /**
681 * Makes a positive integer hash out of the first 7 chars from the md5 hash of the input
682 *
683 * @param string $str String to md5-hash
684 * @return int Returns 28bit integer-hash
685 */
686 public static function md5int($str)
687 {
688 return hexdec(substr(md5($str), 0, 7));
689 }
690
691 /**
692 * Returns the first 10 positions of the MD5-hash (changed from 6 to 10 recently)
693 *
694 * @param string $input Input string to be md5-hashed
695 * @param int $len The string-length of the output
696 * @return string Substring of the resulting md5-hash, being $len chars long (from beginning)
697 */
698 public static function shortMD5($input, $len = 10)
699 {
700 return substr(md5($input), 0, $len);
701 }
702
703 /**
704 * Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
705 *
706 * @param string $input Input string to create HMAC from
707 * @param string $additionalSecret additionalSecret to prevent hmac being used in a different context
708 * @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
709 */
710 public static function hmac($input, $additionalSecret = '')
711 {
712 $hashAlgorithm = 'sha1';
713 $hashBlocksize = 64;
714 $secret = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
715 if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
716 $hmac = hash_hmac($hashAlgorithm, $input, $secret);
717 } else {
718 // Outer padding
719 $opad = str_repeat(chr(92), $hashBlocksize);
720 // Inner padding
721 $ipad = str_repeat(chr(54), $hashBlocksize);
722 if (strlen($secret) > $hashBlocksize) {
723 // Keys longer than block size are shorten
724 $key = str_pad(pack('H*', call_user_func($hashAlgorithm, $secret)), $hashBlocksize, chr(0));
725 } else {
726 // Keys shorter than block size are zero-padded
727 $key = str_pad($secret, $hashBlocksize, chr(0));
728 }
729 $hmac = call_user_func($hashAlgorithm, ($key ^ $opad) . pack('H*', call_user_func(
730 $hashAlgorithm,
731 ($key ^ $ipad) . $input
732 )));
733 }
734 return $hmac;
735 }
736
737 /**
738 * Takes comma-separated lists and arrays and removes all duplicates
739 * If a value in the list is trim(empty), the value is ignored.
740 *
741 * @param string $in_list Accept multiple parameters which can be comma-separated lists of values and arrays.
742 * @param mixed $secondParameter Dummy field, which if set will show a warning!
743 * @return string Returns the list without any duplicates of values, space around values are trimmed
744 */
745 public static function uniqueList($in_list, $secondParameter = null)
746 {
747 if (is_array($in_list)) {
748 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support array arguments anymore! Only string comma lists!', 1270853885);
749 }
750 if (isset($secondParameter)) {
751 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support more than a single argument value anymore. You have specified more than one!', 1270853886);
752 }
753 return implode(',', array_unique(self::trimExplode(',', $in_list, true)));
754 }
755
756 /**
757 * Splits a reference to a file in 5 parts
758 *
759 * @param string $fileNameWithPath File name with path to be analysed (must exist if open_basedir is set)
760 * @return array Contains keys [path], [file], [filebody], [fileext], [realFileext]
761 */
762 public static function split_fileref($fileNameWithPath)
763 {
764 $reg = [];
765 if (preg_match('/(.*\\/)(.*)$/', $fileNameWithPath, $reg)) {
766 $info['path'] = $reg[1];
767 $info['file'] = $reg[2];
768 } else {
769 $info['path'] = '';
770 $info['file'] = $fileNameWithPath;
771 }
772 $reg = '';
773 // If open_basedir is set and the fileName was supplied without a path the is_dir check fails
774 if (!is_dir($fileNameWithPath) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
775 $info['filebody'] = $reg[1];
776 $info['fileext'] = strtolower($reg[2]);
777 $info['realFileext'] = $reg[2];
778 } else {
779 $info['filebody'] = $info['file'];
780 $info['fileext'] = '';
781 }
782 reset($info);
783 return $info;
784 }
785
786 /**
787 * Returns the directory part of a path without trailing slash
788 * If there is no dir-part, then an empty string is returned.
789 * Behaviour:
790 *
791 * '/dir1/dir2/script.php' => '/dir1/dir2'
792 * '/dir1/' => '/dir1'
793 * 'dir1/script.php' => 'dir1'
794 * 'd/script.php' => 'd'
795 * '/script.php' => ''
796 * '' => ''
797 *
798 * @param string $path Directory name / path
799 * @return string Processed input value. See function description.
800 */
801 public static function dirname($path)
802 {
803 $p = self::revExplode('/', $path, 2);
804 return count($p) === 2 ? $p[0] : '';
805 }
806
807 /**
808 * Returns TRUE if the first part of $str matches the string $partStr
809 *
810 * @param string $str Full string to check
811 * @param string $partStr Reference string which must be found as the "first part" of the full string
812 * @return bool TRUE if $partStr was found to be equal to the first part of $str
813 */
814 public static function isFirstPartOfStr($str, $partStr)
815 {
816 return $partStr != '' && strpos((string)$str, (string)$partStr, 0) === 0;
817 }
818
819 /**
820 * Formats the input integer $sizeInBytes as bytes/kilobytes/megabytes (-/K/M)
821 *
822 * @param int $sizeInBytes Number of bytes to format.
823 * @param string $labels Binary unit name "iec", decimal unit name "si" or labels for bytes, kilo, mega, giga, and so on separated by vertical bar (|) and possibly encapsulated in "". Eg: " | K| M| G". Defaults to "iec".
824 * @param int $base The unit base if not using a unit name. Defaults to 1024.
825 * @return string Formatted representation of the byte number, for output.
826 */
827 public static function formatSize($sizeInBytes, $labels = '', $base = 0)
828 {
829 $defaultFormats = [
830 'iec' => ['base' => 1024, 'labels' => [' ', ' Ki', ' Mi', ' Gi', ' Ti', ' Pi', ' Ei', ' Zi', ' Yi']],
831 'si' => ['base' => 1000, 'labels' => [' ', ' k', ' M', ' G', ' T', ' P', ' E', ' Z', ' Y']],
832 ];
833 // Set labels and base:
834 if (empty($labels)) {
835 $labels = 'iec';
836 }
837 if (isset($defaultFormats[$labels])) {
838 $base = $defaultFormats[$labels]['base'];
839 $labelArr = $defaultFormats[$labels]['labels'];
840 } else {
841 $base = (int)$base;
842 if ($base !== 1000 && $base !== 1024) {
843 $base = 1024;
844 }
845 $labelArr = explode('|', str_replace('"', '', $labels));
846 }
847 // @todo find out which locale is used for current BE user to cover the BE case as well
848 $oldLocale = setlocale(LC_NUMERIC, 0);
849 $newLocale = isset($GLOBALS['TSFE']) ? $GLOBALS['TSFE']->config['config']['locale_all'] : '';
850 if ($newLocale) {
851 setlocale(LC_NUMERIC, $newLocale);
852 }
853 $localeInfo = localeconv();
854 if ($newLocale) {
855 setlocale(LC_NUMERIC, $oldLocale);
856 }
857 $sizeInBytes = max($sizeInBytes, 0);
858 $multiplier = floor(($sizeInBytes ? log($sizeInBytes) : 0) / log($base));
859 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
860 if ($sizeInUnits > ($base * .9)) {
861 $multiplier++;
862 }
863 $multiplier = min($multiplier, count($labelArr) - 1);
864 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
865 return number_format($sizeInUnits, (($multiplier > 0) && ($sizeInUnits < 20)) ? 2 : 0, $localeInfo['decimal_point'], '') . $labelArr[$multiplier];
866 }
867
868 /**
869 * This splits a string by the chars in $operators (typical /+-*) and returns an array with them in
870 *
871 * @param string $string Input string, eg "123 + 456 / 789 - 4
872 * @param string $operators Operators to split by, typically "/+-*
873 * @return array Array with operators and operands separated.
874 * @see \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::calc(), \TYPO3\CMS\Frontend\Imaging\GifBuilder::calcOffset()
875 */
876 public static function splitCalc($string, $operators)
877 {
878 $res = [];
879 $sign = '+';
880 while ($string) {
881 $valueLen = strcspn($string, $operators);
882 $value = substr($string, 0, $valueLen);
883 $res[] = [$sign, trim($value)];
884 $sign = substr($string, $valueLen, 1);
885 $string = substr($string, $valueLen + 1);
886 }
887 reset($res);
888 return $res;
889 }
890
891 /**
892 * Checking syntax of input email address
893 *
894 * http://tools.ietf.org/html/rfc3696
895 * International characters are allowed in email. So the whole address needs
896 * to be converted to punicode before passing it to filter_var(). We convert
897 * the user- and domain part separately to increase the chance of hitting an
898 * entry in self::$idnaStringCache.
899 *
900 * Also the @ sign may appear multiple times in an address. If not used as
901 * a boundary marker between the user- and domain part, it must be escaped
902 * with a backslash: \@. This mean we can not just explode on the @ sign and
903 * expect to get just two parts. So we pop off the domain and then glue the
904 * rest together again.
905 *
906 * @param string $email Input string to evaluate
907 * @return bool Returns TRUE if the $email address (input string) is valid
908 */
909 public static function validEmail($email)
910 {
911 // Early return in case input is not a string
912 if (!is_string($email)) {
913 return false;
914 }
915 $atPosition = strrpos($email, '@');
916 if (!$atPosition || $atPosition + 1 === strlen($email)) {
917 // Return if no @ found or it is placed at the very beginning or end of the email
918 return false;
919 }
920 $domain = substr($email, $atPosition + 1);
921 $user = substr($email, 0, $atPosition);
922 if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
923 try {
924 $domain = self::idnaEncode($domain);
925 } catch (\InvalidArgumentException $exception) {
926 return false;
927 }
928 }
929 return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
930 }
931
932 /**
933 * Returns an ASCII string (punicode) representation of $value
934 *
935 * @param string $value
936 * @return string An ASCII encoded (punicode) string
937 */
938 public static function idnaEncode($value)
939 {
940 if (isset(self::$idnaStringCache[$value])) {
941 return self::$idnaStringCache[$value];
942 }
943 if (!self::$idnaConverter) {
944 self::$idnaConverter = new \Mso\IdnaConvert\IdnaConvert(['idn_version' => 2008]);
945 }
946 self::$idnaStringCache[$value] = self::$idnaConverter->encode($value);
947 return self::$idnaStringCache[$value];
948 }
949
950 /**
951 * Returns a given string with underscores as UpperCamelCase.
952 * Example: Converts blog_example to BlogExample
953 *
954 * @param string $string String to be converted to camel case
955 * @return string UpperCamelCasedWord
956 */
957 public static function underscoredToUpperCamelCase($string)
958 {
959 return str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string))));
960 }
961
962 /**
963 * Returns a given string with underscores as lowerCamelCase.
964 * Example: Converts minimal_value to minimalValue
965 *
966 * @param string $string String to be converted to camel case
967 * @return string lowerCamelCasedWord
968 */
969 public static function underscoredToLowerCamelCase($string)
970 {
971 return lcfirst(str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string)))));
972 }
973
974 /**
975 * Returns a given CamelCasedString as an lowercase string with underscores.
976 * Example: Converts BlogExample to blog_example, and minimalValue to minimal_value
977 *
978 * @param string $string String to be converted to lowercase underscore
979 * @return string lowercase_and_underscored_string
980 */
981 public static function camelCaseToLowerCaseUnderscored($string)
982 {
983 $value = preg_replace('/(?<=\\w)([A-Z])/', '_\\1', $string);
984 return mb_strtolower($value, 'utf-8');
985 }
986
987 /**
988 * Checks if a given string is a Uniform Resource Locator (URL).
989 *
990 * On seriously malformed URLs, parse_url may return FALSE and emit an
991 * E_WARNING.
992 *
993 * filter_var() requires a scheme to be present.
994 *
995 * http://www.faqs.org/rfcs/rfc2396.html
996 * Scheme names consist of a sequence of characters beginning with a
997 * lower case letter and followed by any combination of lower case letters,
998 * digits, plus ("+"), period ("."), or hyphen ("-"). For resiliency,
999 * programs interpreting URI should treat upper case letters as equivalent to
1000 * lower case in scheme names (e.g., allow "HTTP" as well as "http").
1001 * scheme = alpha *( alpha | digit | "+" | "-" | "." )
1002 *
1003 * Convert the domain part to punicode if it does not look like a regular
1004 * domain name. Only the domain part because RFC3986 specifies the the rest of
1005 * the url may not contain special characters:
1006 * http://tools.ietf.org/html/rfc3986#appendix-A
1007 *
1008 * @param string $url The URL to be validated
1009 * @return bool Whether the given URL is valid
1010 */
1011 public static function isValidUrl($url)
1012 {
1013 $parsedUrl = parse_url($url);
1014 if (!$parsedUrl || !isset($parsedUrl['scheme'])) {
1015 return false;
1016 }
1017 // HttpUtility::buildUrl() will always build urls with <scheme>://
1018 // our original $url might only contain <scheme>: (e.g. mail:)
1019 // so we convert that to the double-slashed version to ensure
1020 // our check against the $recomposedUrl is proper
1021 if (!self::isFirstPartOfStr($url, $parsedUrl['scheme'] . '://')) {
1022 $url = str_replace($parsedUrl['scheme'] . ':', $parsedUrl['scheme'] . '://', $url);
1023 }
1024 $recomposedUrl = HttpUtility::buildUrl($parsedUrl);
1025 if ($recomposedUrl !== $url) {
1026 // The parse_url() had to modify characters, so the URL is invalid
1027 return false;
1028 }
1029 if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
1030 try {
1031 $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
1032 } catch (\InvalidArgumentException $exception) {
1033 return false;
1034 }
1035 }
1036 return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
1037 }
1038
1039 /*************************
1040 *
1041 * ARRAY FUNCTIONS
1042 *
1043 *************************/
1044
1045 /**
1046 * Explodes a $string delimited by $delimiter and casts each item in the array to (int).
1047 * Corresponds to \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(), but with conversion to integers for all values.
1048 *
1049 * @param string $delimiter Delimiter string to explode with
1050 * @param string $string The string to explode
1051 * @param bool $removeEmptyValues If set, all empty values (='') will NOT be set in output
1052 * @param int $limit If positive, the result will contain a maximum of limit elements,
1053 * @return array Exploded values, all converted to integers
1054 */
1055 public static function intExplode($delimiter, $string, $removeEmptyValues = false, $limit = 0)
1056 {
1057 $result = explode($delimiter, $string);
1058 foreach ($result as $key => &$value) {
1059 if ($removeEmptyValues && ($value === '' || trim($value) === '')) {
1060 unset($result[$key]);
1061 } else {
1062 $value = (int)$value;
1063 }
1064 }
1065 unset($value);
1066 if ($limit !== 0) {
1067 if ($limit < 0) {
1068 $result = array_slice($result, 0, $limit);
1069 } elseif (count($result) > $limit) {
1070 $lastElements = array_slice($result, $limit - 1);
1071 $result = array_slice($result, 0, $limit - 1);
1072 $result[] = implode($delimiter, $lastElements);
1073 }
1074 }
1075 return $result;
1076 }
1077
1078 /**
1079 * Reverse explode which explodes the string counting from behind.
1080 *
1081 * Note: The delimiter has to given in the reverse order as
1082 * it is occurring within the string.
1083 *
1084 * GeneralUtility::revExplode('[]', '[my][words][here]', 2)
1085 * ==> array('[my][words', 'here]')
1086 *
1087 * @param string $delimiter Delimiter string to explode with
1088 * @param string $string The string to explode
1089 * @param int $count Number of array entries
1090 * @return array Exploded values
1091 */
1092 public static function revExplode($delimiter, $string, $count = 0)
1093 {
1094 // 2 is the (currently, as of 2014-02) most-used value for $count in the core, therefore we check it first
1095 if ($count === 2) {
1096 $position = strrpos($string, strrev($delimiter));
1097 if ($position !== false) {
1098 return [substr($string, 0, $position), substr($string, $position + strlen($delimiter))];
1099 }
1100 return [$string];
1101 }
1102 if ($count <= 1) {
1103 return [$string];
1104 }
1105 $explodedValues = explode($delimiter, strrev($string), $count);
1106 $explodedValues = array_map('strrev', $explodedValues);
1107 return array_reverse($explodedValues);
1108 }
1109
1110 /**
1111 * Explodes a string and trims all values for whitespace in the end.
1112 * If $onlyNonEmptyValues is set, then all blank ('') values are removed.
1113 *
1114 * @param string $delim Delimiter string to explode with
1115 * @param string $string The string to explode
1116 * @param bool $removeEmptyValues If set, all empty values will be removed in output
1117 * @param int $limit If limit is set and positive, the returned array will contain a maximum of limit elements with
1118 * the last element containing the rest of string. If the limit parameter is negative, all components
1119 * except the last -limit are returned.
1120 * @return array Exploded values
1121 */
1122 public static function trimExplode($delim, $string, $removeEmptyValues = false, $limit = 0)
1123 {
1124 $result = explode($delim, $string);
1125 if ($removeEmptyValues) {
1126 $temp = [];
1127 foreach ($result as $value) {
1128 if (trim($value) !== '') {
1129 $temp[] = $value;
1130 }
1131 }
1132 $result = $temp;
1133 }
1134 if ($limit > 0 && count($result) > $limit) {
1135 $lastElements = array_splice($result, $limit - 1);
1136 $result[] = implode($delim, $lastElements);
1137 } elseif ($limit < 0) {
1138 $result = array_slice($result, 0, $limit);
1139 }
1140 $result = array_map('trim', $result);
1141 return $result;
1142 }
1143
1144 /**
1145 * Implodes a multidim-array into GET-parameters (eg. &param[key][key2]=value2&param[key][key3]=value3)
1146 *
1147 * @param string $name Name prefix for entries. Set to blank if you wish none.
1148 * @param array $theArray The (multidimensional) array to implode
1149 * @param string $str (keep blank)
1150 * @param bool $skipBlank If set, parameters which were blank strings would be removed.
1151 * @param bool $rawurlencodeParamName If set, the param name itself (for example "param[key][key2]") would be rawurlencoded as well.
1152 * @return string Imploded result, fx. &param[key][key2]=value2&param[key][key3]=value3
1153 * @see explodeUrl2Array()
1154 */
1155 public static function implodeArrayForUrl($name, array $theArray, $str = '', $skipBlank = false, $rawurlencodeParamName = false)
1156 {
1157 foreach ($theArray as $Akey => $AVal) {
1158 $thisKeyName = $name ? $name . '[' . $Akey . ']' : $Akey;
1159 if (is_array($AVal)) {
1160 $str = self::implodeArrayForUrl($thisKeyName, $AVal, $str, $skipBlank, $rawurlencodeParamName);
1161 } else {
1162 if (!$skipBlank || (string)$AVal !== '') {
1163 $str .= '&' . ($rawurlencodeParamName ? rawurlencode($thisKeyName) : $thisKeyName) . '=' . rawurlencode($AVal);
1164 }
1165 }
1166 }
1167 return $str;
1168 }
1169
1170 /**
1171 * Explodes a string with GETvars (eg. "&id=1&type=2&ext[mykey]=3") into an array
1172 *
1173 * @param string $string GETvars string
1174 * @param bool $multidim If set, the string will be parsed into a multidimensional array if square brackets are used in variable names (using PHP function parse_str())
1175 * @return array Array of values. All values AND keys are rawurldecoded() as they properly should be. But this means that any implosion of the array again must rawurlencode it!
1176 * @see implodeArrayForUrl()
1177 */
1178 public static function explodeUrl2Array($string, $multidim = false)
1179 {
1180 $output = [];
1181 if ($multidim) {
1182 parse_str($string, $output);
1183 } else {
1184 $p = explode('&', $string);
1185 foreach ($p as $v) {
1186 if ($v !== '') {
1187 list($pK, $pV) = explode('=', $v, 2);
1188 $output[rawurldecode($pK)] = rawurldecode($pV);
1189 }
1190 }
1191 }
1192 return $output;
1193 }
1194
1195 /**
1196 * Returns an array with selected keys from incoming data.
1197 * (Better read source code if you want to find out...)
1198 *
1199 * @param string $varList List of variable/key names
1200 * @param array $getArray Array from where to get values based on the keys in $varList
1201 * @param bool $GPvarAlt If set, then \TYPO3\CMS\Core\Utility\GeneralUtility::_GP() is used to fetch the value if not found (isset) in the $getArray
1202 * @return array Output array with selected variables.
1203 */
1204 public static function compileSelectedGetVarsFromArray($varList, array $getArray, $GPvarAlt = true)
1205 {
1206 $keys = self::trimExplode(',', $varList, true);
1207 $outArr = [];
1208 foreach ($keys as $v) {
1209 if (isset($getArray[$v])) {
1210 $outArr[$v] = $getArray[$v];
1211 } elseif ($GPvarAlt) {
1212 $outArr[$v] = self::_GP($v);
1213 }
1214 }
1215 return $outArr;
1216 }
1217
1218 /**
1219 * Removes dots "." from end of a key identifier of TypoScript styled array.
1220 * array('key.' => array('property.' => 'value')) --> array('key' => array('property' => 'value'))
1221 *
1222 * @param array $ts TypoScript configuration array
1223 * @return array TypoScript configuration array without dots at the end of all keys
1224 */
1225 public static function removeDotsFromTS(array $ts)
1226 {
1227 $out = [];
1228 foreach ($ts as $key => $value) {
1229 if (is_array($value)) {
1230 $key = rtrim($key, '.');
1231 $out[$key] = self::removeDotsFromTS($value);
1232 } else {
1233 $out[$key] = $value;
1234 }
1235 }
1236 return $out;
1237 }
1238
1239 /*************************
1240 *
1241 * HTML/XML PROCESSING
1242 *
1243 *************************/
1244 /**
1245 * Returns an array with all attributes of the input HTML tag as key/value pairs. Attributes are only lowercase a-z
1246 * $tag is either a whole tag (eg '<TAG OPTION ATTRIB=VALUE>') or the parameter list (ex ' OPTION ATTRIB=VALUE>')
1247 * If an attribute is empty, then the value for the key is empty. You can check if it existed with isset()
1248 *
1249 * @param string $tag HTML-tag string (or attributes only)
1250 * @return array Array with the attribute values.
1251 */
1252 public static function get_tag_attributes($tag)
1253 {
1254 $components = self::split_tag_attributes($tag);
1255 // Attribute name is stored here
1256 $name = '';
1257 $valuemode = false;
1258 $attributes = [];
1259 foreach ($components as $key => $val) {
1260 // Only if $name is set (if there is an attribute, that waits for a value), that valuemode is enabled. This ensures that the attribute is assigned it's value
1261 if ($val !== '=') {
1262 if ($valuemode) {
1263 if ($name) {
1264 $attributes[$name] = $val;
1265 $name = '';
1266 }
1267 } else {
1268 if ($key = strtolower(preg_replace('/[^[:alnum:]_\\:\\-]/', '', $val))) {
1269 $attributes[$key] = '';
1270 $name = $key;
1271 }
1272 }
1273 $valuemode = false;
1274 } else {
1275 $valuemode = true;
1276 }
1277 }
1278 return $attributes;
1279 }
1280
1281 /**
1282 * Returns an array with the 'components' from an attribute list from an HTML tag. The result is normally analyzed by get_tag_attributes
1283 * Removes tag-name if found
1284 *
1285 * @param string $tag HTML-tag string (or attributes only)
1286 * @return array Array with the attribute values.
1287 */
1288 public static function split_tag_attributes($tag)
1289 {
1290 $tag_tmp = trim(preg_replace('/^<[^[:space:]]*/', '', trim($tag)));
1291 // Removes any > in the end of the string
1292 $tag_tmp = trim(rtrim($tag_tmp, '>'));
1293 $value = [];
1294 // Compared with empty string instead , 030102
1295 while ($tag_tmp !== '') {
1296 $firstChar = $tag_tmp[0];
1297 if ($firstChar === '"' || $firstChar === '\'') {
1298 $reg = explode($firstChar, $tag_tmp, 3);
1299 $value[] = $reg[1];
1300 $tag_tmp = trim($reg[2]);
1301 } elseif ($firstChar === '=') {
1302 $value[] = '=';
1303 // Removes = chars.
1304 $tag_tmp = trim(substr($tag_tmp, 1));
1305 } else {
1306 // There are '' around the value. We look for the next ' ' or '>'
1307 $reg = preg_split('/[[:space:]=]/', $tag_tmp, 2);
1308 $value[] = trim($reg[0]);
1309 $tag_tmp = trim(substr($tag_tmp, strlen($reg[0]), 1) . $reg[1]);
1310 }
1311 }
1312 reset($value);
1313 return $value;
1314 }
1315
1316 /**
1317 * Implodes attributes in the array $arr for an attribute list in eg. and HTML tag (with quotes)
1318 *
1319 * @param array $arr Array with attribute key/value pairs, eg. "bgcolor"=>"red", "border"=>0
1320 * @param bool $xhtmlSafe If set the resulting attribute list will have a) all attributes in lowercase (and duplicates weeded out, first entry taking precedence) and b) all values htmlspecialchar()'ed. It is recommended to use this switch!
1321 * @param bool $dontOmitBlankAttribs If TRUE, don't check if values are blank. Default is to omit attributes with blank values.
1322 * @return string Imploded attributes, eg. 'bgcolor="red" border="0"'
1323 */
1324 public static function implodeAttributes(array $arr, $xhtmlSafe = false, $dontOmitBlankAttribs = false)
1325 {
1326 if ($xhtmlSafe) {
1327 $newArr = [];
1328 foreach ($arr as $p => $v) {
1329 if (!isset($newArr[strtolower($p)])) {
1330 $newArr[strtolower($p)] = htmlspecialchars($v);
1331 }
1332 }
1333 $arr = $newArr;
1334 }
1335 $list = [];
1336 foreach ($arr as $p => $v) {
1337 if ((string)$v !== '' || $dontOmitBlankAttribs) {
1338 $list[] = $p . '="' . $v . '"';
1339 }
1340 }
1341 return implode(' ', $list);
1342 }
1343
1344 /**
1345 * Wraps JavaScript code XHTML ready with <script>-tags
1346 * Automatic re-indenting of the JS code is done by using the first line as indent reference.
1347 * This is nice for indenting JS code with PHP code on the same level.
1348 *
1349 * @param string $string JavaScript code
1350 * @return string The wrapped JS code, ready to put into a XHTML page
1351 */
1352 public static function wrapJS($string)
1353 {
1354 if (trim($string)) {
1355 // remove nl from the beginning
1356 $string = ltrim($string, LF);
1357 // re-ident to one tab using the first line as reference
1358 $match = [];
1359 if (preg_match('/^(\\t+)/', $string, $match)) {
1360 $string = str_replace($match[1], TAB, $string);
1361 }
1362 return '<script type="text/javascript">
1363 /*<![CDATA[*/
1364 ' . $string . '
1365 /*]]>*/
1366 </script>';
1367 }
1368 return '';
1369 }
1370
1371 /**
1372 * Parses XML input into a PHP array with associative keys
1373 *
1374 * @param string $string XML data input
1375 * @param int $depth Number of element levels to resolve the XML into an array. Any further structure will be set as XML.
1376 * @param array $parserOptions Options that will be passed to PHP's xml_parser_set_option()
1377 * @return mixed The array with the parsed structure unless the XML parser returns with an error in which case the error message string is returned.
1378 */
1379 public static function xml2tree($string, $depth = 999, $parserOptions = [])
1380 {
1381 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1382 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1383 $parser = xml_parser_create();
1384 $vals = [];
1385 $index = [];
1386 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1387 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1388 foreach ($parserOptions as $option => $value) {
1389 xml_parser_set_option($parser, $option, $value);
1390 }
1391 xml_parse_into_struct($parser, $string, $vals, $index);
1392 libxml_disable_entity_loader($previousValueOfEntityLoader);
1393 if (xml_get_error_code($parser)) {
1394 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1395 }
1396 xml_parser_free($parser);
1397 $stack = [[]];
1398 $stacktop = 0;
1399 $startPoint = 0;
1400 $tagi = [];
1401 foreach ($vals as $key => $val) {
1402 $type = $val['type'];
1403 // open tag:
1404 if ($type === 'open' || $type === 'complete') {
1405 $stack[$stacktop++] = $tagi;
1406 if ($depth == $stacktop) {
1407 $startPoint = $key;
1408 }
1409 $tagi = ['tag' => $val['tag']];
1410 if (isset($val['attributes'])) {
1411 $tagi['attrs'] = $val['attributes'];
1412 }
1413 if (isset($val['value'])) {
1414 $tagi['values'][] = $val['value'];
1415 }
1416 }
1417 // finish tag:
1418 if ($type === 'complete' || $type === 'close') {
1419 $oldtagi = $tagi;
1420 $tagi = $stack[--$stacktop];
1421 $oldtag = $oldtagi['tag'];
1422 unset($oldtagi['tag']);
1423 if ($depth == $stacktop + 1) {
1424 if ($key - $startPoint > 0) {
1425 $partArray = array_slice($vals, $startPoint + 1, $key - $startPoint - 1);
1426 $oldtagi['XMLvalue'] = self::xmlRecompileFromStructValArray($partArray);
1427 } else {
1428 $oldtagi['XMLvalue'] = $oldtagi['values'][0];
1429 }
1430 }
1431 $tagi['ch'][$oldtag][] = $oldtagi;
1432 unset($oldtagi);
1433 }
1434 // cdata
1435 if ($type === 'cdata') {
1436 $tagi['values'][] = $val['value'];
1437 }
1438 }
1439 return $tagi['ch'];
1440 }
1441
1442 /**
1443 * Converts a PHP array into an XML string.
1444 * The XML output is optimized for readability since associative keys are used as tag names.
1445 * This also means that only alphanumeric characters are allowed in the tag names AND only keys NOT starting with numbers (so watch your usage of keys!). However there are options you can set to avoid this problem.
1446 * Numeric keys are stored with the default tag name "numIndex" but can be overridden to other formats)
1447 * The function handles input values from the PHP array in a binary-safe way; All characters below 32 (except 9,10,13) will trigger the content to be converted to a base64-string
1448 * The PHP variable type of the data IS preserved as long as the types are strings, arrays, integers and booleans. Strings are the default type unless the "type" attribute is set.
1449 * The output XML has been tested with the PHP XML-parser and parses OK under all tested circumstances with 4.x versions. However, with PHP5 there seems to be the need to add an XML prologue a la <?xml version="1.0" encoding="[charset]" standalone="yes" ?> - otherwise UTF-8 is assumed! Unfortunately, many times the output from this function is used without adding that prologue meaning that non-ASCII characters will break the parsing!! This suchs of course! Effectively it means that the prologue should always be prepended setting the right characterset, alternatively the system should always run as utf-8!
1450 * However using MSIE to read the XML output didn't always go well: One reason could be that the character encoding is not observed in the PHP data. The other reason may be if the tag-names are invalid in the eyes of MSIE. Also using the namespace feature will make MSIE break parsing. There might be more reasons...
1451 *
1452 * @param array $array The input PHP array with any kind of data; text, binary, integers. Not objects though.
1453 * @param string $NSprefix tag-prefix, eg. a namespace prefix like "T3:"
1454 * @param int $level Current recursion level. Don't change, stay at zero!
1455 * @param string $docTag Alternative document tag. Default is "phparray".
1456 * @param int $spaceInd If greater than zero, then the number of spaces corresponding to this number is used for indenting, if less than zero - no indentation, if zero - a single TAB is used
1457 * @param array $options Options for the compilation. Key "useNindex" => 0/1 (boolean: whether to use "n0, n1, n2" for num. indexes); Key "useIndexTagForNum" => "[tag for numerical indexes]"; Key "useIndexTagForAssoc" => "[tag for associative indexes"; Key "parentTagMap" => array('parentTag' => 'thisLevelTag')
1458 * @param array $stackData Stack data. Don't touch.
1459 * @return string An XML string made from the input content in the array.
1460 * @see xml2array()
1461 */
1462 public static function array2xml(array $array, $NSprefix = '', $level = 0, $docTag = 'phparray', $spaceInd = 0, array $options = [], array $stackData = [])
1463 {
1464 // The list of byte values which will trigger binary-safe storage. If any value has one of these char values in it, it will be encoded in base64
1465 $binaryChars = chr(0) . chr(1) . chr(2) . chr(3) . chr(4) . chr(5) . chr(6) . chr(7) . chr(8) . chr(11) . chr(12) . chr(14) . chr(15) . chr(16) . chr(17) . chr(18) . chr(19) . chr(20) . chr(21) . chr(22) . chr(23) . chr(24) . chr(25) . chr(26) . chr(27) . chr(28) . chr(29) . chr(30) . chr(31);
1466 // Set indenting mode:
1467 $indentChar = $spaceInd ? ' ' : TAB;
1468 $indentN = $spaceInd > 0 ? $spaceInd : 1;
1469 $nl = $spaceInd >= 0 ? LF : '';
1470 // Init output variable:
1471 $output = '';
1472 // Traverse the input array
1473 foreach ($array as $k => $v) {
1474 $attr = '';
1475 $tagName = $k;
1476 // Construct the tag name.
1477 // Use tag based on grand-parent + parent tag name
1478 if (isset($options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']])) {
1479 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1480 $tagName = (string)$options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']];
1481 } elseif (isset($options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM']) && MathUtility::canBeInterpretedAsInteger($tagName)) {
1482 // Use tag based on parent tag name + if current tag is numeric
1483 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1484 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM'];
1485 } elseif (isset($options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName])) {
1486 // Use tag based on parent tag name + current tag
1487 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1488 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName];
1489 } elseif (isset($options['parentTagMap'][$stackData['parentTagName']])) {
1490 // Use tag based on parent tag name:
1491 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1492 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName']];
1493 } elseif (MathUtility::canBeInterpretedAsInteger($tagName)) {
1494 // If integer...;
1495 if ($options['useNindex']) {
1496 // If numeric key, prefix "n"
1497 $tagName = 'n' . $tagName;
1498 } else {
1499 // Use special tag for num. keys:
1500 $attr .= ' index="' . $tagName . '"';
1501 $tagName = $options['useIndexTagForNum'] ?: 'numIndex';
1502 }
1503 } elseif ($options['useIndexTagForAssoc']) {
1504 // Use tag for all associative keys:
1505 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1506 $tagName = $options['useIndexTagForAssoc'];
1507 }
1508 // The tag name is cleaned up so only alphanumeric chars (plus - and _) are in there and not longer than 100 chars either.
1509 $tagName = substr(preg_replace('/[^[:alnum:]_-]/', '', $tagName), 0, 100);
1510 // If the value is an array then we will call this function recursively:
1511 if (is_array($v)) {
1512 // Sub elements:
1513 if ($options['alt_options'][$stackData['path'] . '/' . $tagName]) {
1514 $subOptions = $options['alt_options'][$stackData['path'] . '/' . $tagName];
1515 $clearStackPath = $subOptions['clearStackPath'];
1516 } else {
1517 $subOptions = $options;
1518 $clearStackPath = false;
1519 }
1520 if (empty($v)) {
1521 $content = '';
1522 } else {
1523 $content = $nl . self::array2xml($v, $NSprefix, $level + 1, '', $spaceInd, $subOptions, [
1524 'parentTagName' => $tagName,
1525 'grandParentTagName' => $stackData['parentTagName'],
1526 'path' => $clearStackPath ? '' : $stackData['path'] . '/' . $tagName
1527 ]) . ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '');
1528 }
1529 // Do not set "type = array". Makes prettier XML but means that empty arrays are not restored with xml2array
1530 if ((int)$options['disableTypeAttrib'] != 2) {
1531 $attr .= ' type="array"';
1532 }
1533 } else {
1534 // Just a value:
1535 // Look for binary chars:
1536 $vLen = strlen($v);
1537 // Go for base64 encoding if the initial segment NOT matching any binary char has the same length as the whole string!
1538 if ($vLen && strcspn($v, $binaryChars) != $vLen) {
1539 // If the value contained binary chars then we base64-encode it an set an attribute to notify this situation:
1540 $content = $nl . chunk_split(base64_encode($v));
1541 $attr .= ' base64="1"';
1542 } else {
1543 // Otherwise, just htmlspecialchar the stuff:
1544 $content = htmlspecialchars($v);
1545 $dType = gettype($v);
1546 if ($dType === 'string') {
1547 if ($options['useCDATA'] && $content != $v) {
1548 $content = '<![CDATA[' . $v . ']]>';
1549 }
1550 } elseif (!$options['disableTypeAttrib']) {
1551 $attr .= ' type="' . $dType . '"';
1552 }
1553 }
1554 }
1555 if ((string)$tagName !== '') {
1556 // Add the element to the output string:
1557 $output .= ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '')
1558 . '<' . $NSprefix . $tagName . $attr . '>' . $content . '</' . $NSprefix . $tagName . '>' . $nl;
1559 }
1560 }
1561 // If we are at the outer-most level, then we finally wrap it all in the document tags and return that as the value:
1562 if (!$level) {
1563 $output = '<' . $docTag . '>' . $nl . $output . '</' . $docTag . '>';
1564 }
1565 return $output;
1566 }
1567
1568 /**
1569 * Converts an XML string to a PHP array.
1570 * This is the reverse function of array2xml()
1571 * This is a wrapper for xml2arrayProcess that adds a two-level cache
1572 *
1573 * @param string $string XML content to convert into an array
1574 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1575 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1576 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1577 * @see array2xml(),xml2arrayProcess()
1578 */
1579 public static function xml2array($string, $NSprefix = '', $reportDocTag = false)
1580 {
1581 static $firstLevelCache = [];
1582 $identifier = md5($string . $NSprefix . ($reportDocTag ? '1' : '0'));
1583 // Look up in first level cache
1584 if (!empty($firstLevelCache[$identifier])) {
1585 $array = $firstLevelCache[$identifier];
1586 } else {
1587 $array = self::xml2arrayProcess(trim($string), $NSprefix, $reportDocTag);
1588 // Store content in first level cache
1589 $firstLevelCache[$identifier] = $array;
1590 }
1591 return $array;
1592 }
1593
1594 /**
1595 * Converts an XML string to a PHP array.
1596 * This is the reverse function of array2xml()
1597 *
1598 * @param string $string XML content to convert into an array
1599 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1600 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1601 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1602 * @see array2xml()
1603 */
1604 protected static function xml2arrayProcess($string, $NSprefix = '', $reportDocTag = false)
1605 {
1606 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1607 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1608 // Create parser:
1609 $parser = xml_parser_create();
1610 $vals = [];
1611 $index = [];
1612 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1613 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1614 // Default output charset is UTF-8, only ASCII, ISO-8859-1 and UTF-8 are supported!!!
1615 $match = [];
1616 preg_match('/^[[:space:]]*<\\?xml[^>]*encoding[[:space:]]*=[[:space:]]*"([^"]*)"/', substr($string, 0, 200), $match);
1617 $theCharset = $match[1] ?? 'utf-8';
1618 // us-ascii / utf-8 / iso-8859-1
1619 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $theCharset);
1620 // Parse content:
1621 xml_parse_into_struct($parser, $string, $vals, $index);
1622 libxml_disable_entity_loader($previousValueOfEntityLoader);
1623 // If error, return error message:
1624 if (xml_get_error_code($parser)) {
1625 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1626 }
1627 xml_parser_free($parser);
1628 // Init vars:
1629 $stack = [[]];
1630 $stacktop = 0;
1631 $current = [];
1632 $tagName = '';
1633 $documentTag = '';
1634 // Traverse the parsed XML structure:
1635 foreach ($vals as $key => $val) {
1636 // First, process the tag-name (which is used in both cases, whether "complete" or "close")
1637 $tagName = $val['tag'];
1638 if (!$documentTag) {
1639 $documentTag = $tagName;
1640 }
1641 // Test for name space:
1642 $tagName = $NSprefix && substr($tagName, 0, strlen($NSprefix)) == $NSprefix ? substr($tagName, strlen($NSprefix)) : $tagName;
1643 // Test for numeric tag, encoded on the form "nXXX":
1644 $testNtag = substr($tagName, 1);
1645 // Closing tag.
1646 $tagName = $tagName[0] === 'n' && MathUtility::canBeInterpretedAsInteger($testNtag) ? (int)$testNtag : $tagName;
1647 // Test for alternative index value:
1648 if ((string)($val['attributes']['index'] ?? '') !== '') {
1649 $tagName = $val['attributes']['index'];
1650 }
1651 // Setting tag-values, manage stack:
1652 switch ($val['type']) {
1653 case 'open':
1654 // If open tag it means there is an array stored in sub-elements. Therefore increase the stackpointer and reset the accumulation array:
1655 // Setting blank place holder
1656 $current[$tagName] = [];
1657 $stack[$stacktop++] = $current;
1658 $current = [];
1659 break;
1660 case 'close':
1661 // If the tag is "close" then it is an array which is closing and we decrease the stack pointer.
1662 $oldCurrent = $current;
1663 $current = $stack[--$stacktop];
1664 // Going to the end of array to get placeholder key, key($current), and fill in array next:
1665 end($current);
1666 $current[key($current)] = $oldCurrent;
1667 unset($oldCurrent);
1668 break;
1669 case 'complete':
1670 // If "complete", then it's a value. If the attribute "base64" is set, then decode the value, otherwise just set it.
1671 if (!empty($val['attributes']['base64'])) {
1672 $current[$tagName] = base64_decode($val['value']);
1673 } else {
1674 // Had to cast it as a string - otherwise it would be evaluate FALSE if tested with isset()!!
1675 $current[$tagName] = (string)($val['value'] ?? '');
1676 // Cast type:
1677 switch ((string)($val['attributes']['type'] ?? '')) {
1678 case 'integer':
1679 $current[$tagName] = (int)$current[$tagName];
1680 break;
1681 case 'double':
1682 $current[$tagName] = (double)$current[$tagName];
1683 break;
1684 case 'boolean':
1685 $current[$tagName] = (bool)$current[$tagName];
1686 break;
1687 case 'NULL':
1688 $current[$tagName] = null;
1689 break;
1690 case 'array':
1691 // MUST be an empty array since it is processed as a value; Empty arrays would end up here because they would have no tags inside...
1692 $current[$tagName] = [];
1693 break;
1694 }
1695 }
1696 break;
1697 }
1698 }
1699 if ($reportDocTag) {
1700 $current[$tagName]['_DOCUMENT_TAG'] = $documentTag;
1701 }
1702 // Finally return the content of the document tag.
1703 return $current[$tagName];
1704 }
1705
1706 /**
1707 * This implodes an array of XML parts (made with xml_parse_into_struct()) into XML again.
1708 *
1709 * @param array $vals An array of XML parts, see xml2tree
1710 * @return string Re-compiled XML data.
1711 */
1712 public static function xmlRecompileFromStructValArray(array $vals)
1713 {
1714 $XMLcontent = '';
1715 foreach ($vals as $val) {
1716 $type = $val['type'];
1717 // Open tag:
1718 if ($type === 'open' || $type === 'complete') {
1719 $XMLcontent .= '<' . $val['tag'];
1720 if (isset($val['attributes'])) {
1721 foreach ($val['attributes'] as $k => $v) {
1722 $XMLcontent .= ' ' . $k . '="' . htmlspecialchars($v) . '"';
1723 }
1724 }
1725 if ($type === 'complete') {
1726 if (isset($val['value'])) {
1727 $XMLcontent .= '>' . htmlspecialchars($val['value']) . '</' . $val['tag'] . '>';
1728 } else {
1729 $XMLcontent .= '/>';
1730 }
1731 } else {
1732 $XMLcontent .= '>';
1733 }
1734 if ($type === 'open' && isset($val['value'])) {
1735 $XMLcontent .= htmlspecialchars($val['value']);
1736 }
1737 }
1738 // Finish tag:
1739 if ($type === 'close') {
1740 $XMLcontent .= '</' . $val['tag'] . '>';
1741 }
1742 // Cdata
1743 if ($type === 'cdata') {
1744 $XMLcontent .= htmlspecialchars($val['value']);
1745 }
1746 }
1747 return $XMLcontent;
1748 }
1749
1750 /**
1751 * Minifies JavaScript
1752 *
1753 * @param string $script Script to minify
1754 * @param string $error Error message (if any)
1755 * @return string Minified script or source string if error happened
1756 */
1757 public static function minifyJavaScript($script, &$error = '')
1758 {
1759 $fakeThis = false;
1760 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_div.php']['minifyJavaScript'] ?? [] as $hookMethod) {
1761 try {
1762 $parameters = ['script' => $script];
1763 $script = static::callUserFunction($hookMethod, $parameters, $fakeThis);
1764 } catch (\Exception $e) {
1765 $errorMessage = 'Error minifying java script: ' . $e->getMessage();
1766 $error .= $errorMessage;
1767 static::getLogger()->warning($errorMessage, [
1768 'JavaScript' => $script,
1769 'hook' => $hookMethod,
1770 'exception' => $e,
1771 ]);
1772 }
1773 }
1774 return $script;
1775 }
1776
1777 /*************************
1778 *
1779 * FILES FUNCTIONS
1780 *
1781 *************************/
1782 /**
1783 * Reads the file or url $url and returns the content
1784 * If you are having trouble with proxies when reading URLs you can configure your way out of that with settings within $GLOBALS['TYPO3_CONF_VARS']['HTTP'].
1785 *
1786 * @param string $url File/URL to read
1787 * @param int $includeHeader Whether the HTTP header should be fetched or not. 0=disable, 1=fetch header+content, 2=fetch header only
1788 * @param array $requestHeaders HTTP headers to be used in the request
1789 * @param array $report Error code/message and, if $includeHeader is 1, response meta data (HTTP status and content type)
1790 * @return mixed The content from the resource given as input. FALSE if an error has occurred.
1791 */
1792 public static function getUrl($url, $includeHeader = 0, $requestHeaders = null, &$report = null)
1793 {
1794 if (isset($report)) {
1795 $report['error'] = 0;
1796 $report['message'] = '';
1797 }
1798 // Looks like it's an external file, use Guzzle by default
1799 if (preg_match('/^(?:http|ftp)s?|s(?:ftp|cp):/', $url)) {
1800 /** @var RequestFactory $requestFactory */
1801 $requestFactory = static::makeInstance(RequestFactory::class);
1802 if (is_array($requestHeaders)) {
1803 // Check is $requestHeaders is an associative array or not
1804 if (count(array_filter(array_keys($requestHeaders), 'is_string')) === 0) {
1805 trigger_error('Request headers as colon-separated string are deprecated, use an associative array instead.', E_USER_DEPRECATED);
1806 // Convert cURL style lines of headers to Guzzle key/value(s) pairs.
1807 $requestHeaders = static::splitHeaderLines($requestHeaders);
1808 }
1809 $configuration = ['headers' => $requestHeaders];
1810 } else {
1811 $configuration = [];
1812 }
1813
1814 try {
1815 if (isset($report)) {
1816 $report['lib'] = 'GuzzleHttp';
1817 }
1818 $response = $requestFactory->request($url, 'GET', $configuration);
1819 } catch (RequestException $exception) {
1820 if (isset($report)) {
1821 $report['error'] = $exception->getCode() ?: 1518707554;
1822 $report['message'] = $exception->getMessage();
1823 $report['exception'] = $exception;
1824 }
1825 return false;
1826 }
1827
1828 $content = '';
1829
1830 // Add the headers to the output
1831 $includeHeader = (int)$includeHeader;
1832 if ($includeHeader) {
1833 $parsedURL = parse_url($url);
1834 $method = $includeHeader === 2 ? 'HEAD' : 'GET';
1835 $content = $method . ' ' . ($parsedURL['path'] ?? '/')
1836 . (!empty($parsedURL['query']) ? '?' . $parsedURL['query'] : '') . ' HTTP/1.0' . CRLF
1837 . 'Host: ' . $parsedURL['host'] . CRLF
1838 . 'Connection: close' . CRLF;
1839 if (is_array($requestHeaders)) {
1840 $content .= implode(CRLF, $requestHeaders) . CRLF;
1841 }
1842 foreach ($response->getHeaders() as $headerName => $headerValues) {
1843 $content .= $headerName . ': ' . implode(', ', $headerValues) . CRLF;
1844 }
1845 // Headers are separated from the body with two CRLFs
1846 $content .= CRLF;
1847 }
1848 // If not just headers are requested, add the body
1849 if ($includeHeader !== 2) {
1850 $content .= $response->getBody()->getContents();
1851 }
1852 if (isset($report)) {
1853 if ($response->getStatusCode() >= 300 && $response->getStatusCode() < 400) {
1854 $report['http_code'] = $response->getStatusCode();
1855 $report['content_type'] = $response->getHeaderLine('Content-Type');
1856 $report['error'] = $response->getStatusCode();
1857 $report['message'] = $response->getReasonPhrase();
1858 } elseif (empty($content)) {
1859 $report['error'] = $response->getStatusCode();
1860 $report['message'] = $response->getReasonPhrase();
1861 } elseif ($includeHeader) {
1862 // Set only for $includeHeader to work exactly like PHP variant
1863 $report['http_code'] = $response->getStatusCode();
1864 $report['content_type'] = $response->getHeaderLine('Content-Type');
1865 }
1866 }
1867 } else {
1868 if (isset($report)) {
1869 $report['lib'] = 'file';
1870 }
1871 $content = @file_get_contents($url);
1872 if ($content === false && isset($report)) {
1873 $report['error'] = -1;
1874 $report['message'] = 'Couldn\'t get URL: ' . $url;
1875 }
1876 }
1877 return $content;
1878 }
1879
1880 /**
1881 * Split an array of MIME header strings into an associative array.
1882 * Multiple headers with the same name have their values merged as an array.
1883 *
1884 * @static
1885 * @param array $headers List of headers, eg. ['Foo: Bar', 'Foo: Baz']
1886 * @return array Key/Value(s) pairs of headers, eg. ['Foo' => ['Bar', 'Baz']]
1887 */
1888 protected static function splitHeaderLines(array $headers): array
1889 {
1890 $newHeaders = [];
1891 foreach ($headers as $header) {
1892 $parts = preg_split('/:[ \t]*/', $header, 2, PREG_SPLIT_NO_EMPTY);
1893 if (count($parts) !== 2) {
1894 continue;
1895 }
1896 $key = &$parts[0];
1897 $value = &$parts[1];
1898 if (array_key_exists($key, $newHeaders)) {
1899 if (is_array($newHeaders[$key])) {
1900 $newHeaders[$key][] = $value;
1901 } else {
1902 $prevValue = &$newHeaders[$key];
1903 $newHeaders[$key] = [$prevValue, $value];
1904 }
1905 } else {
1906 $newHeaders[$key] = $value;
1907 }
1908 }
1909 return $newHeaders;
1910 }
1911
1912 /**
1913 * Writes $content to the file $file
1914 *
1915 * @param string $file Filepath to write to
1916 * @param string $content Content to write
1917 * @param bool $changePermissions If TRUE, permissions are forced to be set
1918 * @return bool TRUE if the file was successfully opened and written to.
1919 */
1920 public static function writeFile($file, $content, $changePermissions = false)
1921 {
1922 if (!@is_file($file)) {
1923 $changePermissions = true;
1924 }
1925 if ($fd = fopen($file, 'wb')) {
1926 $res = fwrite($fd, $content);
1927 fclose($fd);
1928 if ($res === false) {
1929 return false;
1930 }
1931 // Change the permissions only if the file has just been created
1932 if ($changePermissions) {
1933 static::fixPermissions($file);
1934 }
1935 return true;
1936 }
1937 return false;
1938 }
1939
1940 /**
1941 * Sets the file system mode and group ownership of a file or a folder.
1942 *
1943 * @param string $path Path of file or folder, must not be escaped. Path can be absolute or relative
1944 * @param bool $recursive If set, also fixes permissions of files and folders in the folder (if $path is a folder)
1945 * @return mixed TRUE on success, FALSE on error, always TRUE on Windows OS
1946 */
1947 public static function fixPermissions($path, $recursive = false)
1948 {
1949 if (Environment::isWindows()) {
1950 return true;
1951 }
1952 $result = false;
1953 // Make path absolute
1954 if (!static::isAbsPath($path)) {
1955 $path = static::getFileAbsFileName($path);
1956 }
1957 if (static::isAllowedAbsPath($path)) {
1958 if (@is_file($path)) {
1959 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] ?? '0644';
1960 } elseif (@is_dir($path)) {
1961 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] ?? '0755';
1962 }
1963 if (!empty($targetPermissions)) {
1964 // make sure it's always 4 digits
1965 $targetPermissions = str_pad($targetPermissions, 4, 0, STR_PAD_LEFT);
1966 $targetPermissions = octdec($targetPermissions);
1967 // "@" is there because file is not necessarily OWNED by the user
1968 $result = @chmod($path, $targetPermissions);
1969 }
1970 // Set createGroup if not empty
1971 if (
1972 isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'])
1973 && $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'] !== ''
1974 ) {
1975 // "@" is there because file is not necessarily OWNED by the user
1976 $changeGroupResult = @chgrp($path, $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']);
1977 $result = $changeGroupResult ? $result : false;
1978 }
1979 // Call recursive if recursive flag if set and $path is directory
1980 if ($recursive && @is_dir($path)) {
1981 $handle = opendir($path);
1982 if (is_resource($handle)) {
1983 while (($file = readdir($handle)) !== false) {
1984 $recursionResult = null;
1985 if ($file !== '.' && $file !== '..') {
1986 if (@is_file($path . '/' . $file)) {
1987 $recursionResult = static::fixPermissions($path . '/' . $file);
1988 } elseif (@is_dir($path . '/' . $file)) {
1989 $recursionResult = static::fixPermissions($path . '/' . $file, true);
1990 }
1991 if (isset($recursionResult) && !$recursionResult) {
1992 $result = false;
1993 }
1994 }
1995 }
1996 closedir($handle);
1997 }
1998 }
1999 }
2000 return $result;
2001 }
2002
2003 /**
2004 * Writes $content to a filename in the typo3temp/ folder (and possibly one or two subfolders...)
2005 * Accepts an additional subdirectory in the file path!
2006 *
2007 * @param string $filepath Absolute file path to write to inside "typo3temp/". First part of this string must match PATH_site."typo3temp/"
2008 * @param string $content Content string to write
2009 * @return string Returns NULL on success, otherwise an error string telling about the problem.
2010 */
2011 public static function writeFileToTypo3tempDir($filepath, $content)
2012 {
2013 // Parse filepath into directory and basename:
2014 $fI = pathinfo($filepath);
2015 $fI['dirname'] .= '/';
2016 // Check parts:
2017 if (!static::validPathStr($filepath) || !$fI['basename'] || strlen($fI['basename']) >= 60) {
2018 return 'Input filepath "' . $filepath . '" was generally invalid!';
2019 }
2020 // Setting main temporary directory name (standard)
2021 $dirName = PATH_site . 'typo3temp/';
2022 if (!@is_dir($dirName)) {
2023 return 'PATH_site + "typo3temp/" was not a directory!';
2024 }
2025 if (!static::isFirstPartOfStr($fI['dirname'], $dirName)) {
2026 return '"' . $fI['dirname'] . '" was not within directory PATH_site + "typo3temp/"';
2027 }
2028 // Checking if the "subdir" is found:
2029 $subdir = substr($fI['dirname'], strlen($dirName));
2030 if ($subdir) {
2031 if (preg_match('#^(?:[[:alnum:]_]+/)+$#', $subdir)) {
2032 $dirName .= $subdir;
2033 if (!@is_dir($dirName)) {
2034 static::mkdir_deep(PATH_site . 'typo3temp/' . $subdir);
2035 }
2036 } else {
2037 return 'Subdir, "' . $subdir . '", was NOT on the form "[[:alnum:]_]/+"';
2038 }
2039 }
2040 // Checking dir-name again (sub-dir might have been created):
2041 if (@is_dir($dirName)) {
2042 if ($filepath === $dirName . $fI['basename']) {
2043 static::writeFile($filepath, $content);
2044 if (!@is_file($filepath)) {
2045 return 'The file was not written to the disk. Please, check that you have write permissions to the typo3temp/ directory.';
2046 }
2047 } else {
2048 return 'Calculated file location didn\'t match input "' . $filepath . '".';
2049 }
2050 } else {
2051 return '"' . $dirName . '" is not a directory!';
2052 }
2053 return null;
2054 }
2055
2056 /**
2057 * Wrapper function for mkdir.
2058 * Sets folder permissions according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']
2059 * and group ownership according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']
2060 *
2061 * @param string $newFolder Absolute path to folder, see PHP mkdir() function. Removes trailing slash internally.
2062 * @return bool TRUE if @mkdir went well!
2063 */
2064 public static function mkdir($newFolder)
2065 {
2066 $result = @mkdir($newFolder, octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']));
2067 if ($result) {
2068 static::fixPermissions($newFolder);
2069 }
2070 return $result;
2071 }
2072
2073 /**
2074 * Creates a directory - including parent directories if necessary and
2075 * sets permissions on newly created directories.
2076 *
2077 * @param string $directory Target directory to create. Must a have trailing slash
2078 * @param string $deepDirectory Directory to create. This second parameter
2079 * @throws \InvalidArgumentException If $directory or $deepDirectory are not strings
2080 * @throws \RuntimeException If directory could not be created
2081 */
2082 public static function mkdir_deep($directory, $deepDirectory = '')
2083 {
2084 if (!is_string($directory)) {
2085 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($directory) . '" but a string is expected.', 1303662955);
2086 }
2087 if (!is_string($deepDirectory)) {
2088 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($deepDirectory) . '" but a string is expected.', 1303662956);
2089 }
2090 // Ensure there is only one slash
2091 $fullPath = rtrim($directory, '/') . '/';
2092 if ($deepDirectory !== '') {
2093 trigger_error('Second argument $deepDirectory of GeneralUtility::mkdir_deep() will be removed in TYPO3 v10.0, use a combined string as first argument instead.', E_USER_DEPRECATED);
2094 $fullPath .= ltrim($deepDirectory, '/');
2095 }
2096 if ($fullPath !== '/' && !is_dir($fullPath)) {
2097 $firstCreatedPath = static::createDirectoryPath($fullPath);
2098 if ($firstCreatedPath !== '') {
2099 static::fixPermissions($firstCreatedPath, true);
2100 }
2101 }
2102 }
2103
2104 /**
2105 * Creates directories for the specified paths if they do not exist. This
2106 * functions sets proper permission mask but does not set proper user and
2107 * group.
2108 *
2109 * @static
2110 * @param string $fullDirectoryPath
2111 * @return string Path to the the first created directory in the hierarchy
2112 * @see \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir_deep
2113 * @throws \RuntimeException If directory could not be created
2114 */
2115 protected static function createDirectoryPath($fullDirectoryPath)
2116 {
2117 $currentPath = $fullDirectoryPath;
2118 $firstCreatedPath = '';
2119 $permissionMask = octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']);
2120 if (!@is_dir($currentPath)) {
2121 do {
2122 $firstCreatedPath = $currentPath;
2123 $separatorPosition = strrpos($currentPath, DIRECTORY_SEPARATOR);
2124 $currentPath = substr($currentPath, 0, $separatorPosition);
2125 } while (!is_dir($currentPath) && $separatorPosition !== false);
2126 $result = @mkdir($fullDirectoryPath, $permissionMask, true);
2127 // Check existence of directory again to avoid race condition. Directory could have get created by another process between previous is_dir() and mkdir()
2128 if (!$result && !@is_dir($fullDirectoryPath)) {
2129 throw new \RuntimeException('Could not create directory "' . $fullDirectoryPath . '"!', 1170251401);
2130 }
2131 }
2132 return $firstCreatedPath;
2133 }
2134
2135 /**
2136 * Wrapper function for rmdir, allowing recursive deletion of folders and files
2137 *
2138 * @param string $path Absolute path to folder, see PHP rmdir() function. Removes trailing slash internally.
2139 * @param bool $removeNonEmpty Allow deletion of non-empty directories
2140 * @return bool TRUE if @rmdir went well!
2141 */
2142 public static function rmdir($path, $removeNonEmpty = false)
2143 {
2144 $OK = false;
2145 // Remove trailing slash
2146 $path = preg_replace('|/$|', '', $path);
2147 if (file_exists($path)) {
2148 $OK = true;
2149 if (!is_link($path) && is_dir($path)) {
2150 if ($removeNonEmpty == true && ($handle = @opendir($path))) {
2151 while ($OK && false !== ($file = readdir($handle))) {
2152 if ($file === '.' || $file === '..') {
2153 continue;
2154 }
2155 $OK = static::rmdir($path . '/' . $file, $removeNonEmpty);
2156 }
2157 closedir($handle);
2158 }
2159 if ($OK) {
2160 $OK = @rmdir($path);
2161 }
2162 } elseif (is_link($path) && is_dir($path) && Environment::isWindows()) {
2163 $OK = @rmdir($path);
2164 } else {
2165 // If $path is a file, simply remove it
2166 $OK = @unlink($path);
2167 }
2168 clearstatcache();
2169 } elseif (is_link($path)) {
2170 $OK = @unlink($path);
2171 if (!$OK && Environment::isWindows()) {
2172 // Try to delete dead folder links on Windows systems
2173 $OK = @rmdir($path);
2174 }
2175 clearstatcache();
2176 }
2177 return $OK;
2178 }
2179
2180 /**
2181 * Flushes a directory by first moving to a temporary resource, and then
2182 * triggering the remove process. This way directories can be flushed faster
2183 * to prevent race conditions on concurrent processes accessing the same directory.
2184 *
2185 * @param string $directory The directory to be renamed and flushed
2186 * @param bool $keepOriginalDirectory Whether to only empty the directory and not remove it
2187 * @param bool $flushOpcodeCache Also flush the opcode cache right after renaming the directory.
2188 * @return bool Whether the action was successful
2189 */
2190 public static function flushDirectory($directory, $keepOriginalDirectory = false, $flushOpcodeCache = false)
2191 {
2192 $result = false;
2193
2194 if (is_dir($directory)) {
2195 $temporaryDirectory = rtrim($directory, '/') . '.' . StringUtility::getUniqueId('remove') . '/';
2196 if (rename($directory, $temporaryDirectory)) {
2197 if ($flushOpcodeCache) {
2198 self::makeInstance(OpcodeCacheService::class)->clearAllActive($directory);
2199 }
2200 if ($keepOriginalDirectory) {
2201 static::mkdir($directory);
2202 }
2203 clearstatcache();
2204 $result = static::rmdir($temporaryDirectory, true);
2205 }
2206 }
2207
2208 return $result;
2209 }
2210
2211 /**
2212 * Returns an array with the names of folders in a specific path
2213 * Will return 'error' (string) if there were an error with reading directory content.
2214 *
2215 * @param string $path Path to list directories from
2216 * @return array Returns an array with the directory entries as values. If no path, the return value is nothing.
2217 */
2218 public static function get_dirs($path)
2219 {
2220 $dirs = null;
2221 if ($path) {
2222 if (is_dir($path)) {
2223 $dir = scandir($path);
2224 $dirs = [];
2225 foreach ($dir as $entry) {
2226 if (is_dir($path . '/' . $entry) && $entry !== '..' && $entry !== '.') {
2227 $dirs[] = $entry;
2228 }
2229 }
2230 } else {
2231 $dirs = 'error';
2232 }
2233 }
2234 return $dirs;
2235 }
2236
2237 /**
2238 * Finds all files in a given path and returns them as an array. Each
2239 * array key is a md5 hash of the full path to the file. This is done because
2240 * 'some' extensions like the import/export extension depend on this.
2241 *
2242 * @param string $path The path to retrieve the files from.
2243 * @param string $extensionList A comma-separated list of file extensions. Only files of the specified types will be retrieved. When left blank, files of any type will be retrieved.
2244 * @param bool $prependPath If TRUE, the full path to the file is returned. If FALSE only the file name is returned.
2245 * @param string $order The sorting order. The default sorting order is alphabetical. Setting $order to 'mtime' will sort the files by modification time.
2246 * @param string $excludePattern A regular expression pattern of file names to exclude. For example: 'clear.gif' or '(clear.gif|.htaccess)'. The pattern will be wrapped with: '/^' and '$/'.
2247 * @return array|string Array of the files found, or an error message in case the path could not be opened.
2248 */
2249 public static function getFilesInDir($path, $extensionList = '', $prependPath = false, $order = '', $excludePattern = '')
2250 {
2251 $excludePattern = (string)$excludePattern;
2252 $path = rtrim($path, '/');
2253 if (!@is_dir($path)) {
2254 return [];
2255 }
2256
2257 $rawFileList = scandir($path);
2258 if ($rawFileList === false) {
2259 return 'error opening path: "' . $path . '"';
2260 }
2261
2262 $pathPrefix = $path . '/';
2263 $allowedFileExtensionArray = self::trimExplode(',', $extensionList);
2264 $extensionList = ',' . str_replace(' ', '', $extensionList) . ',';
2265 $files = [];
2266 foreach ($rawFileList as $entry) {
2267 $completePathToEntry = $pathPrefix . $entry;
2268 if (!@is_file($completePathToEntry)) {
2269 continue;
2270 }
2271
2272 foreach ($allowedFileExtensionArray as $allowedFileExtension) {
2273 if (
2274 ($extensionList === ',,' || stripos($extensionList, ',' . substr($entry, strlen($allowedFileExtension) * -1, strlen($allowedFileExtension)) . ',') !== false)
2275 && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $entry))
2276 ) {
2277 if ($order !== 'mtime') {
2278 $files[] = $entry;
2279 } else {
2280 // Store the value in the key so we can do a fast asort later.
2281 $files[$entry] = filemtime($completePathToEntry);
2282 }
2283 }
2284 }
2285 }
2286
2287 $valueName = 'value';
2288 if ($order === 'mtime') {
2289 asort($files);
2290 $valueName = 'key';
2291 }
2292
2293 $valuePathPrefix = $prependPath ? $pathPrefix : '';
2294 $foundFiles = [];
2295 foreach ($files as $key => $value) {
2296 // Don't change this ever - extensions may depend on the fact that the hash is an md5 of the path! (import/export extension)
2297 $foundFiles[md5($pathPrefix . ${$valueName})] = $valuePathPrefix . ${$valueName};
2298 }
2299
2300 return $foundFiles;
2301 }
2302
2303 /**
2304 * Recursively gather all files and folders of a path.
2305 *
2306 * @param array $fileArr Empty input array (will have files added to it)
2307 * @param string $path The path to read recursively from (absolute) (include trailing slash!)
2308 * @param string $extList Comma list of file extensions: Only files with extensions in this list (if applicable) will be selected.
2309 * @param bool $regDirs If set, directories are also included in output.
2310 * @param int $recursivityLevels The number of levels to dig down...
2311 * @param string $excludePattern regex pattern of files/directories to exclude
2312 * @return array An array with the found files/directories.
2313 */
2314 public static function getAllFilesAndFoldersInPath(array $fileArr, $path, $extList = '', $regDirs = false, $recursivityLevels = 99, $excludePattern = '')
2315 {
2316 if ($regDirs) {
2317 $fileArr[md5($path)] = $path;
2318 }
2319 $fileArr = array_merge($fileArr, self::getFilesInDir($path, $extList, 1, 1, $excludePattern));
2320 $dirs = self::get_dirs($path);
2321 if ($recursivityLevels > 0 && is_array($dirs)) {
2322 foreach ($dirs as $subdirs) {
2323 if ((string)$subdirs !== '' && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $subdirs))) {
2324 $fileArr = self::getAllFilesAndFoldersInPath($fileArr, $path . $subdirs . '/', $extList, $regDirs, $recursivityLevels - 1, $excludePattern);
2325 }
2326 }
2327 }
2328 return $fileArr;
2329 }
2330
2331 /**
2332 * Removes the absolute part of all files/folders in fileArr
2333 *
2334 * @param array $fileArr The file array to remove the prefix from
2335 * @param string $prefixToRemove The prefix path to remove (if found as first part of string!)
2336 * @return array The input $fileArr processed.
2337 */
2338 public static function removePrefixPathFromList(array $fileArr, $prefixToRemove)
2339 {
2340 foreach ($fileArr as $k => &$absFileRef) {
2341 if (self::isFirstPartOfStr($absFileRef, $prefixToRemove)) {
2342 $absFileRef = substr($absFileRef, strlen($prefixToRemove));
2343 } else {
2344 return 'ERROR: One or more of the files was NOT prefixed with the prefix-path!';
2345 }
2346 }
2347 unset($absFileRef);
2348 return $fileArr;
2349 }
2350
2351 /**
2352 * Fixes a path for windows-backslashes and reduces double-slashes to single slashes
2353 *
2354 * @param string $theFile File path to process
2355 * @return string
2356 */
2357 public static function fixWindowsFilePath($theFile)
2358 {
2359 return str_replace(['\\', '//'], '/', $theFile);
2360 }
2361
2362 /**
2363 * Resolves "../" sections in the input path string.
2364 * For example "fileadmin/directory/../other_directory/" will be resolved to "fileadmin/other_directory/"
2365 *
2366 * @param string $pathStr File path in which "/../" is resolved
2367 * @return string
2368 */
2369 public static function resolveBackPath($pathStr)
2370 {
2371 if (strpos($pathStr, '..') === false) {
2372 return $pathStr;
2373 }
2374 $parts = explode('/', $pathStr);
2375 $output = [];
2376 $c = 0;
2377 foreach ($parts as $part) {
2378 if ($part === '..') {
2379 if ($c) {
2380 array_pop($output);
2381 --$c;
2382 } else {
2383 $output[] = $part;
2384 }
2385 } else {
2386 ++$c;
2387 $output[] = $part;
2388 }
2389 }
2390 return implode('/', $output);
2391 }
2392
2393 /**
2394 * Prefixes a URL used with 'header-location' with 'http://...' depending on whether it has it already.
2395 * - If already having a scheme, nothing is prepended
2396 * - If having REQUEST_URI slash '/', then prefixing 'http://[host]' (relative to host)
2397 * - Otherwise prefixed with TYPO3_REQUEST_DIR (relative to current dir / TYPO3_REQUEST_DIR)
2398 *
2399 * @param string $path URL / path to prepend full URL addressing to.
2400 * @return string
2401 */
2402 public static function locationHeaderUrl($path)
2403 {
2404 $uI = parse_url($path);
2405 // relative to HOST
2406 if ($path[0] === '/') {
2407 $path = self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
2408 } elseif (!$uI['scheme']) {
2409 // No scheme either
2410 $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
2411 }
2412 return $path;
2413 }
2414
2415 /**
2416 * Returns the maximum upload size for a file that is allowed. Measured in KB.
2417 * This might be handy to find out the real upload limit that is possible for this
2418 * TYPO3 installation.
2419 *
2420 * @return int The maximum size of uploads that are allowed (measured in kilobytes)
2421 */
2422 public static function getMaxUploadFileSize()
2423 {
2424 // Check for PHP restrictions of the maximum size of one of the $_FILES
2425 $phpUploadLimit = self::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
2426 // Check for PHP restrictions of the maximum $_POST size
2427 $phpPostLimit = self::getBytesFromSizeMeasurement(ini_get('post_max_size'));
2428 // If the total amount of post data is smaller (!) than the upload_max_filesize directive,
2429 // then this is the real limit in PHP
2430 $phpUploadLimit = $phpPostLimit > 0 && $phpPostLimit < $phpUploadLimit ? $phpPostLimit : $phpUploadLimit;
2431 return floor($phpUploadLimit) / 1024;
2432 }
2433
2434 /**
2435 * Gets the bytes value from a measurement string like "100k".
2436 *
2437 * @param string $measurement The measurement (e.g. "100k")
2438 * @return int The bytes value (e.g. 102400)
2439 */
2440 public static function getBytesFromSizeMeasurement($measurement)
2441 {
2442 $bytes = (float)$measurement;
2443 if (stripos($measurement, 'G')) {
2444 $bytes *= 1024 * 1024 * 1024;
2445 } elseif (stripos($measurement, 'M')) {
2446 $bytes *= 1024 * 1024;
2447 } elseif (stripos($measurement, 'K')) {
2448 $bytes *= 1024;
2449 }
2450 return $bytes;
2451 }
2452
2453 /**
2454 * Function for static version numbers on files, based on the filemtime
2455 *
2456 * This will make the filename automatically change when a file is
2457 * changed, and by that re-cached by the browser. If the file does not
2458 * exist physically the original file passed to the function is
2459 * returned without the timestamp.
2460 *
2461 * Behaviour is influenced by the setting
2462 * TYPO3_CONF_VARS[TYPO3_MODE][versionNumberInFilename]
2463 * = TRUE (BE) / "embed" (FE) : modify filename
2464 * = FALSE (BE) / "querystring" (FE) : add timestamp as parameter
2465 *
2466 * @param string $file Relative path to file including all potential query parameters (not htmlspecialchared yet)
2467 * @return string Relative path with version filename including the timestamp
2468 */
2469 public static function createVersionNumberedFilename($file)
2470 {
2471 $lookupFile = explode('?', $file);
2472 $path = self::resolveBackPath(self::dirname(PATH_thisScript) . '/' . $lookupFile[0]);
2473
2474 $doNothing = false;
2475 if (TYPO3_MODE === 'FE') {
2476 $mode = strtolower($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename']);
2477 if ($mode === 'embed') {
2478 $mode = true;
2479 } else {
2480 if ($mode === 'querystring') {
2481 $mode = false;
2482 } else {
2483 $doNothing = true;
2484 }
2485 }
2486 } else {
2487 $mode = $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename'];
2488 }
2489 if ($doNothing || !file_exists($path)) {
2490 // File not found, return filename unaltered
2491 $fullName = $file;
2492 } else {
2493 if (!$mode) {
2494 // If use of .htaccess rule is not configured,
2495 // we use the default query-string method
2496 if (!empty($lookupFile[1])) {
2497 $separator = '&';
2498 } else {
2499 $separator = '?';
2500 }
2501 $fullName = $file . $separator . filemtime($path);
2502 } else {
2503 // Change the filename
2504 $name = explode('.', $lookupFile[0]);
2505 $extension = array_pop($name);
2506 array_push($name, filemtime($path), $extension);
2507 $fullName = implode('.', $name);
2508 // Append potential query string
2509 $fullName .= $lookupFile[1] ? '?' . $lookupFile[1] : '';
2510 }
2511 }
2512 return $fullName;
2513 }
2514
2515 /*************************
2516 *
2517 * SYSTEM INFORMATION
2518 *
2519 *************************/
2520
2521 /**
2522 * Returns the link-url to the current script.
2523 * In $getParams you can set associative keys corresponding to the GET-vars you wish to add to the URL. If you set them empty, they will remove existing GET-vars from the current URL.
2524 * REMEMBER to always use htmlspecialchars() for content in href-properties to get ampersands converted to entities (XHTML requirement and XSS precaution)
2525 *
2526 * @param array $getParams Array of GET parameters to include
2527 * @return string
2528 */
2529 public static function linkThisScript(array $getParams = [])
2530 {
2531 $parts = self::getIndpEnv('SCRIPT_NAME');
2532 $params = self::_GET();
2533 foreach ($getParams as $key => $value) {
2534 if ($value !== '') {
2535 $params[$key] = $value;
2536 } else {
2537 unset($params[$key]);
2538 }
2539 }
2540 $pString = self::implodeArrayForUrl('', $params);
2541 return $pString ? $parts . '?' . ltrim($pString, '&') : $parts;
2542 }
2543
2544 /**
2545 * Takes a full URL, $url, possibly with a querystring and overlays the $getParams arrays values onto the quirystring, packs it all together and returns the URL again.
2546 * So basically it adds the parameters in $getParams to an existing URL, $url
2547 *
2548 * @param string $url URL string
2549 * @param array $getParams Array of key/value pairs for get parameters to add/overrule with. Can be multidimensional.
2550 * @return string Output URL with added getParams.
2551 */
2552 public static function linkThisUrl($url, array $getParams = [])
2553 {
2554 $parts = parse_url($url);
2555 $getP = [];
2556 if ($parts['query']) {
2557 parse_str($parts['query'], $getP);
2558 }
2559 ArrayUtility::mergeRecursiveWithOverrule($getP, $getParams);
2560 $uP = explode('?', $url);
2561 $params = self::implodeArrayForUrl('', $getP);
2562 $outurl = $uP[0] . ($params ? '?' . substr($params, 1) : '');
2563 return $outurl;
2564 }
2565
2566 /**
2567 * Abstraction method which returns System Environment Variables regardless of server OS, CGI/MODULE version etc. Basically this is SERVER variables for most of them.
2568 * This should be used instead of getEnv() and $_SERVER/ENV_VARS to get reliable values for all situations.
2569 *
2570 * @param string $getEnvName Name of the "environment variable"/"server variable" you wish to use. Valid values are SCRIPT_NAME, SCRIPT_FILENAME, REQUEST_URI, PATH_INFO, REMOTE_ADDR, REMOTE_HOST, HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE, QUERY_STRING, TYPO3_DOCUMENT_ROOT, TYPO3_HOST_ONLY, TYPO3_HOST_ONLY, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, _ARRAY
2571 * @return string Value based on the input key, independent of server/os environment.
2572 * @throws \UnexpectedValueException
2573 */
2574 public static function getIndpEnv($getEnvName)
2575 {
2576 if (isset(self::$indpEnvCache[$getEnvName])) {
2577 return self::$indpEnvCache[$getEnvName];
2578 }
2579
2580 /*
2581 Conventions:
2582 output from parse_url():
2583 URL: http://username:password@192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value#link1
2584 [scheme] => 'http'
2585 [user] => 'username'
2586 [pass] => 'password'
2587 [host] => '192.168.1.4'
2588 [port] => '8080'
2589 [path] => '/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/'
2590 [query] => 'arg1,arg2,arg3&p1=parameter1&p2[key]=value'
2591 [fragment] => 'link1'Further definition: [path_script] = '/typo3/32/temp/phpcheck/index.php'
2592 [path_dir] = '/typo3/32/temp/phpcheck/'
2593 [path_info] = '/arg1/arg2/arg3/'
2594 [path] = [path_script/path_dir][path_info]Keys supported:URI______:
2595 REQUEST_URI = [path]?[query] = /typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2596 HTTP_HOST = [host][:[port]] = 192.168.1.4:8080
2597 SCRIPT_NAME = [path_script]++ = /typo3/32/temp/phpcheck/index.php // NOTICE THAT SCRIPT_NAME will return the php-script name ALSO. [path_script] may not do that (eg. '/somedir/' may result in SCRIPT_NAME '/somedir/index.php')!
2598 PATH_INFO = [path_info] = /arg1/arg2/arg3/
2599 QUERY_STRING = [query] = arg1,arg2,arg3&p1=parameter1&p2[key]=value
2600 HTTP_REFERER = [scheme]://[host][:[port]][path] = http://192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2601 (Notice: NO username/password + NO fragment)CLIENT____:
2602 REMOTE_ADDR = (client IP)
2603 REMOTE_HOST = (client host)
2604 HTTP_USER_AGENT = (client user agent)
2605 HTTP_ACCEPT_LANGUAGE = (client accept language)SERVER____:
2606 SCRIPT_FILENAME = Absolute filename of script (Differs between windows/unix). On windows 'C:\\blabla\\blabl\\' will be converted to 'C:/blabla/blabl/'Special extras:
2607 TYPO3_HOST_ONLY = [host] = 192.168.1.4
2608 TYPO3_PORT = [port] = 8080 (blank if 80, taken from host value)
2609 TYPO3_REQUEST_HOST = [scheme]://[host][:[port]]
2610 TYPO3_REQUEST_URL = [scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different)
2611 TYPO3_REQUEST_SCRIPT = [scheme]://[host][:[port]][path_script]
2612 TYPO3_REQUEST_DIR = [scheme]://[host][:[port]][path_dir]
2613 TYPO3_SITE_URL = [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
2614 TYPO3_SITE_PATH = [path_dir] of the TYPO3 website frontend
2615 TYPO3_SITE_SCRIPT = [script / Speaking URL] of the TYPO3 website
2616 TYPO3_DOCUMENT_ROOT = Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
2617 TYPO3_SSL = Returns TRUE if this session uses SSL/TLS (https)
2618 TYPO3_PROXY = Returns TRUE if this session runs over a well known proxyNotice: [fragment] is apparently NEVER available to the script!Testing suggestions:
2619 - Output all the values.
2620 - In the script, make a link to the script it self, maybe add some parameters and click the link a few times so HTTP_REFERER is seen
2621 - ALSO TRY the script from the ROOT of a site (like 'http://www.mytest.com/' and not 'http://www.mytest.com/test/' !!)
2622 */
2623 $retVal = '';
2624 switch ((string)$getEnvName) {
2625 case 'SCRIPT_NAME':
2626 $retVal = self::isRunningOnCgiServerApi()
2627 && ($_SERVER['ORIG_PATH_INFO'] ?: $_SERVER['PATH_INFO'])
2628 ? ($_SERVER['ORIG_PATH_INFO'] ?: $_SERVER['PATH_INFO'])
2629 : ($_SERVER['ORIG_SCRIPT_NAME'] ?: $_SERVER['SCRIPT_NAME']);
2630 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2631 if (self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2632 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2633 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2634 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2635 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2636 }
2637 }
2638 break;
2639 case 'SCRIPT_FILENAME':
2640 $retVal = PATH_thisScript;
2641 break;
2642 case 'REQUEST_URI':
2643 // Typical application of REQUEST_URI is return urls, forms submitting to itself etc. Example: returnUrl='.rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'))
2644 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar'])) {
2645 // This is for URL rewriters that store the original URI in a server variable (eg ISAPI_Rewriter for IIS: HTTP_X_REWRITE_URL)
2646 list($v, $n) = explode('|', $GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']);
2647 $retVal = $GLOBALS[$v][$n];
2648 } elseif (!$_SERVER['REQUEST_URI']) {
2649 // This is for ISS/CGI which does not have the REQUEST_URI available.
2650 $retVal = '/' . ltrim(self::getIndpEnv('SCRIPT_NAME'), '/') . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '');
2651 } else {
2652 $retVal = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
2653 }
2654 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2655 if (self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2656 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2657 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2658 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2659 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2660 }
2661 }
2662 break;
2663 case 'PATH_INFO':
2664 // $_SERVER['PATH_INFO'] != $_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI)
2665 // are seen to set PATH_INFO equal to script_name
2666 // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
2667 // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers,
2668 // then 'PHP_SAPI=='cgi'' might be a better check.
2669 // Right now strcmp($_SERVER['PATH_INFO'], GeneralUtility::getIndpEnv('SCRIPT_NAME')) will always
2670 // return FALSE for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO
2671 // because of PHP_SAPI=='cgi' (see above)
2672 if (!self::isRunningOnCgiServerApi()) {
2673 $retVal = $_SERVER['PATH_INFO'];
2674 }
2675 break;
2676 case 'TYPO3_REV_PROXY':
2677 $retVal = self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
2678 break;
2679 case 'REMOTE_ADDR':
2680 $retVal = $_SERVER['REMOTE_ADDR'] ?? null;
2681 if (self::cmpIP($retVal, $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
2682 $ip = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
2683 // Choose which IP in list to use
2684 if (!empty($ip)) {
2685 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2686 case 'last':
2687 $ip = array_pop($ip);
2688 break;
2689 case 'first':
2690 $ip = array_shift($ip);
2691 break;
2692 case 'none':
2693
2694 default:
2695 $ip = '';
2696 }
2697 }
2698 if (self::validIP($ip)) {
2699 $retVal = $ip;
2700 }
2701 }
2702 break;
2703 case 'HTTP_HOST':
2704 // if it is not set we're most likely on the cli
2705 $retVal = $_SERVER['HTTP_HOST'] ?? null;
2706 if (isset($_SERVER['REMOTE_ADDR']) && static::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2707 $host = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
2708 // Choose which host in list to use
2709 if (!empty($host)) {
2710 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2711 case 'last':
2712 $host = array_pop($host);
2713 break;
2714 case 'first':
2715 $host = array_shift($host);
2716 break;
2717 case 'none':
2718
2719 default:
2720 $host = '';
2721 }
2722 }
2723 if ($host) {
2724 $retVal = $host;
2725 }
2726 }
2727 if (!static::isAllowedHostHeaderValue($retVal)) {
2728 throw new \UnexpectedValueException(
2729 'The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\'] and adapt it, if you want to allow the current host header \'' . $retVal . '\' for your installation.',
2730 1396795884
2731 );
2732 }
2733 break;
2734 case 'HTTP_REFERER':
2735
2736 case 'HTTP_USER_AGENT':
2737
2738 case 'HTTP_ACCEPT_ENCODING':
2739
2740 case 'HTTP_ACCEPT_LANGUAGE':
2741
2742 case 'REMOTE_HOST':
2743
2744 case 'QUERY_STRING':
2745 $retVal = $_SERVER[$getEnvName] ?? '';
2746 break;
2747 case 'TYPO3_DOCUMENT_ROOT':
2748 // Get the web root (it is not the root of the TYPO3 installation)
2749 // The absolute path of the script can be calculated with TYPO3_DOCUMENT_ROOT + SCRIPT_FILENAME
2750 // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well.
2751 // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME.
2752 $SFN = self::getIndpEnv('SCRIPT_FILENAME');
2753 $SN_A = explode('/', strrev(self::getIndpEnv('SCRIPT_NAME')));
2754 $SFN_A = explode('/', strrev($SFN));
2755 $acc = [];
2756 foreach ($SN_A as $kk => $vv) {
2757 if ((string)$SFN_A[$kk] === (string)$vv) {
2758 $acc[] = $vv;
2759 } else {
2760 break;
2761 }
2762 }
2763 $commonEnd = strrev(implode('/', $acc));
2764 if ((string)$commonEnd !== '') {
2765 $retVal = substr($SFN, 0, -(strlen($commonEnd) + 1));
2766 }
2767 break;
2768 case 'TYPO3_HOST_ONLY':
2769 $httpHost = self::getIndpEnv('HTTP_HOST');
2770 $httpHostBracketPosition = strpos($httpHost, ']');
2771 $httpHostParts = explode(':', $httpHost);
2772 $retVal = $httpHostBracketPosition !== false ? substr($httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);
2773 break;
2774 case 'TYPO3_PORT':
2775 $httpHost = self::getIndpEnv('HTTP_HOST');
2776 $httpHostOnly = self::getIndpEnv('TYPO3_HOST_ONLY');
2777 $retVal = strlen($httpHost) > strlen($httpHostOnly) ? substr($httpHost, strlen($httpHostOnly) + 1) : '';
2778 break;
2779 case 'TYPO3_REQUEST_HOST':
2780 $retVal = (self::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://') . self::getIndpEnv('HTTP_HOST');
2781 break;
2782 case 'TYPO3_REQUEST_URL':
2783 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('REQUEST_URI');
2784 break;
2785 case 'TYPO3_REQUEST_SCRIPT':
2786 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('SCRIPT_NAME');
2787 break;
2788 case 'TYPO3_REQUEST_DIR':
2789 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::dirname(self::getIndpEnv('SCRIPT_NAME')) . '/';
2790 break;
2791 case 'TYPO3_SITE_URL':
2792 $url = self::getIndpEnv('TYPO3_REQUEST_DIR');
2793 // This can only be set by external entry scripts
2794 if (defined('TYPO3_PATH_WEB')) {
2795 $retVal = $url;
2796 } elseif (defined('PATH_thisScript') && defined('PATH_site')) {
2797 $lPath = PathUtility::stripPathSitePrefix(dirname(PATH_thisScript)) . '/';
2798 $siteUrl = substr($url, 0, -strlen($lPath));
2799 if (substr($siteUrl, -1) !== '/') {
2800 $siteUrl .= '/';
2801 }
2802 $retVal = $siteUrl;
2803 }
2804 break;
2805 case 'TYPO3_SITE_PATH':
2806 $retVal = substr(self::getIndpEnv('TYPO3_SITE_URL'), strlen(self::getIndpEnv('TYPO3_REQUEST_HOST')));
2807 break;
2808 case 'TYPO3_SITE_SCRIPT':
2809 $retVal = substr(self::getIndpEnv('TYPO3_REQUEST_URL'), strlen(self::getIndpEnv('TYPO3_SITE_URL')));
2810 break;
2811 case 'TYPO3_SSL':
2812 $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']);
2813 if ($proxySSL === '*') {
2814 $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
2815 }
2816 if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $proxySSL)) {
2817 $retVal = true;
2818 } else {
2819 // https://secure.php.net/manual/en/reserved.variables.server.php
2820 // "Set to a non-empty value if the script was queried through the HTTPS protocol."
2821 $retVal = !empty($_SERVER['SSL_SESSION_ID'])
2822 || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
2823 }
2824 break;
2825 case '_ARRAY':
2826 $out = [];
2827 // Here, list ALL possible keys to this function for debug display.
2828 $envTestVars = [
2829 'HTTP_HOST',
2830 'TYPO3_HOST_ONLY',
2831 'TYPO3_PORT',
2832 'PATH_INFO',
2833 'QUERY_STRING',
2834 'REQUEST_URI',
2835 'HTTP_REFERER',
2836 'TYPO3_REQUEST_HOST',
2837 'TYPO3_REQUEST_URL',
2838 'TYPO3_REQUEST_SCRIPT',
2839 'TYPO3_REQUEST_DIR',
2840 'TYPO3_SITE_URL',
2841 'TYPO3_SITE_SCRIPT',
2842 'TYPO3_SSL',
2843 'TYPO3_REV_PROXY',
2844 'SCRIPT_NAME',
2845 'TYPO3_DOCUMENT_ROOT',
2846 'SCRIPT_FILENAME',
2847 'REMOTE_ADDR',
2848 'REMOTE_HOST',
2849 'HTTP_USER_AGENT',
2850 'HTTP_ACCEPT_LANGUAGE'
2851 ];
2852 foreach ($envTestVars as $v) {
2853 $out[$v] = self::getIndpEnv($v);
2854 }
2855 reset($out);
2856 $retVal = $out;
2857 break;
2858 }
2859 self::$indpEnvCache[$getEnvName] = $retVal;
2860 return $retVal;
2861 }
2862
2863 /**
2864 * Checks if the provided host header value matches the trusted hosts pattern.
2865 * If the pattern is not defined (which only can happen early in the bootstrap), deny any value.
2866 * The result is saved, so the check needs to be executed only once.
2867 *
2868 * @param string $hostHeaderValue HTTP_HOST header value as sent during the request (may include port)
2869 * @return bool
2870 */
2871 public static function isAllowedHostHeaderValue($hostHeaderValue)
2872 {
2873 if (static::$allowHostHeaderValue === true) {
2874 return true;
2875 }
2876
2877 if (static::isInternalRequestType()) {
2878 return static::$allowHostHeaderValue = true;
2879 }
2880
2881 // Deny the value if trusted host patterns is empty, which means we are early in the bootstrap
2882 if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'])) {
2883 return false;
2884 }
2885
2886 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) {
2887 static::$allowHostHeaderValue = true;
2888 } else {
2889 static::$allowHostHeaderValue = static::hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue);
2890 }
2891
2892 return static::$allowHostHeaderValue;
2893 }
2894
2895 /**
2896 * Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.
2897 *
2898 * @param string $hostHeaderValue
2899 * @return bool
2900 * @internal
2901 */
2902 public static function hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue)
2903 {
2904 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME) {
2905 // Allow values that equal the server name
2906 // Note that this is only secure if name base virtual host are configured correctly in the webserver
2907 $defaultPort = self::getIndpEnv('TYPO3_SSL') ? '443' : '80';
2908 $parsedHostValue = parse_url('http://' . $hostHeaderValue);
2909 if (isset($parsedHostValue['port'])) {
2910 $hostMatch = (strtolower($parsedHostValue['host']) === strtolower($_SERVER['SERVER_NAME']) && (string)$parsedHostValue['port'] === $_SERVER['SERVER_PORT']);
2911 } else {
2912 $hostMatch = (strtolower($hostHeaderValue) === strtolower($_SERVER['SERVER_NAME']) && $defaultPort === $_SERVER['SERVER_PORT']);
2913 }
2914 } else {
2915 // In case name based virtual hosts are not possible, we allow setting a trusted host pattern
2916 // See https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ for further details
2917 $hostMatch = (bool)preg_match('/^' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] . '$/i', $hostHeaderValue);
2918 }
2919
2920 return $hostMatch;
2921 }
2922
2923 /**
2924 * Allows internal requests to the install tool and from the command line.
2925 * We accept this risk to have the install tool always available.
2926 * Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
2927 * accesses HTTP_HOST without reason on CLI
2928 * Additionally, allows requests when no REQUESTTYPE is set, which can happen quite early in the
2929 * Bootstrap. See Application.php in EXT:backend/Classes/Http/.
2930 *
2931 * @return bool
2932 */
2933 protected static function isInternalRequestType()
2934 {
2935 return !defined('TYPO3_REQUESTTYPE') || (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI));
2936 }
2937
2938 /**
2939 * Gets the unixtime as milliseconds.
2940 *
2941 * @return int The unixtime as milliseconds
2942 */
2943 public static function milliseconds()
2944 {
2945 return round(microtime(true) * 1000);
2946 }
2947
2948 /**
2949 * Client Browser Information
2950 *
2951 * @param string $useragent Alternative User Agent string (if empty, \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_USER_AGENT') is used)
2952 * @return array Parsed information about the HTTP_USER_AGENT in categories BROWSER, VERSION, SYSTEM
2953 */
2954 public static function clientInfo($useragent = '')
2955 {
2956 if (!$useragent) {
2957 $useragent = self::getIndpEnv('HTTP_USER_AGENT');
2958 }
2959 $bInfo = [];
2960 // Which browser?
2961 if (strpos($useragent, 'Konqueror') !== false) {
2962 $bInfo['BROWSER'] = 'konqu';
2963 } elseif (strpos($useragent, 'Opera') !== false) {
2964 $bInfo['BROWSER'] = 'opera';
2965 } elseif (strpos($useragent, 'MSIE') !== false) {
2966 $bInfo['BROWSER'] = 'msie';
2967 } elseif (strpos($useragent, 'Mozilla') !== false) {
2968 $bInfo['BROWSER'] = 'net';
2969 } elseif (strpos($useragent, 'Flash') !== false) {
2970 $bInfo['BROWSER'] = 'flash';
2971 }
2972 if (isset($bInfo['BROWSER'])) {
2973 // Browser version
2974 switch ($bInfo['BROWSER']) {
2975 case 'net':
2976 $bInfo['VERSION'] = (float)substr($useragent, 8);
2977 if (strpos($useragent, 'Netscape6/') !== false) {
2978 $bInfo['VERSION'] = (float)substr(strstr($useragent, 'Netscape6/'), 10);
2979 }
2980 // Will we ever know if this was a typo or intention...?! :-(
2981 if (strpos($useragent, 'Netscape/6') !== false) {
2982 $bInfo['VERSION'] = (float)substr(strstr($useragent, 'Netscape/6'), 10);
2983 }
2984 if (strpos($useragent, 'Netscape/7') !== false) {
2985 $bInfo['VERSION'] = (float)substr(strstr($useragent, 'Netscape/7'), 9);
2986 }
2987 break;
2988 case 'msie':
2989 $tmp = strstr($useragent, 'MSIE');
2990 $bInfo['VERSION'] = (float)preg_replace('/^[^0-9]*/', '', substr($tmp, 4));
2991 break;
2992 case 'opera':
2993 $tmp = strstr($useragent, 'Opera');
2994 $bInfo['VERSION'] = (float)preg_replace('/^[^0-9]*/', '', substr($tmp, 5));
2995 break;
2996 case 'konqu':
2997 $tmp = strstr($useragent, 'Konqueror/');
2998 $bInfo['VERSION'] = (float)substr($tmp, 10);
2999 break;
3000 }